EDB-52259
webappsmultiple
Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
CVE-2024-11972
Jun Takemura4/18/2025
CVE-2024-11972
9.8CRITICALThe Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plug
Published: 12/31/2024Updated: 5/17/2025
Description
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed.
AI AnalysisPowered by AI
Affected Products
themehunkhunk_companion
Available Exploits (1)
References
- https://wpscan.com/vulnerability/4963560b-e4ae-451d-8f94-482779c415e4/ExploitThird Party Advisory