Lucene search
K

6 matches found

Nuclei
Nuclei
added 17 hours ago34 views

Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation

The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...

9.8CVSS8.1AI score0.09137EPSS
Exploits2References5
GithubExploit
GithubExploit
added 2025/01/12 11:35 p.m.522 views

Exploit for Missing Authorization in Themehunk Hunk_Companion

CVE-2024-9707-Poc 🌐 Description This script exploits the vul...

9.8CVSS9.5AI score0.09137EPSS
Exploits2
Circl
Circl
added 2024/10/11 4:10 p.m.30 views

CVE-2024-9707

creationtimestamp| type| source ---|---|--- 2024-10-11 16:10:23+00:00| seen| https://t.me/cvedetector/7657 2025-01-13 04:00:07+00:00| published-proof-of-concept| Telegram/hiSHwf5P-4Z1qIx5PQAKOBZYsZAfhTVeVVzmDBF29dx0nEw 2025-02-08 23:20:27+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/3882...

9.8CVSS7.6AI score0.09137EPSS
Exploits2References11
NVD
NVD
added 2024/10/11 1:15 p.m.40 views

CVE-2024-9707

The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...

9.8CVSS0.09137EPSS
Exploits2References4
CVE
CVE
added 2024/10/11 6:50 a.m.148 views

CVE-2024-9707

CVE-2024-9707 covers the Hunk Companion WordPress plugin (v1.8.4 and earlier). Multiple sources confirm a missing capability check on the REST endpoint /wp-json/hc/v1/themehunk-import, allowing unauthenticated attackers to install/activate arbitrary plugins and potentially trigger remote code exe...

9.8CVSS9.7AI score0.09137EPSS
In wildExploits2References4Affected Software1
Patchstack
Patchstack
added 2024/10/10 12:0 a.m.26 views

WordPress Hunk Companion Plugin <= 1.8.4 is vulnerable to Broken Access Control

Software Hunk Companion Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.8.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9707 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 20cecbb53904 Credits Sean Murphy Required privileg...

9.8CVSS6.5AI score0.09137EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder