6 matches found
Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...
Exploit for Missing Authorization in Themehunk Hunk_Companion
CVE-2024-9707-Poc 🌐 Description This script exploits the vul...
CVE-2024-9707
creationtimestamp| type| source ---|---|--- 2024-10-11 16:10:23+00:00| seen| https://t.me/cvedetector/7657 2025-01-13 04:00:07+00:00| published-proof-of-concept| Telegram/hiSHwf5P-4Z1qIx5PQAKOBZYsZAfhTVeVVzmDBF29dx0nEw 2025-02-08 23:20:27+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/3882...
CVE-2024-9707
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...
CVE-2024-9707
CVE-2024-9707 covers the Hunk Companion WordPress plugin (v1.8.4 and earlier). Multiple sources confirm a missing capability check on the REST endpoint /wp-json/hc/v1/themehunk-import, allowing unauthenticated attackers to install/activate arbitrary plugins and potentially trigger remote code exe...
WordPress Hunk Companion Plugin <= 1.8.4 is vulnerable to Broken Access Control
Software Hunk Companion Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.8.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9707 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 20cecbb53904 Credits Sean Murphy Required privileg...