CVE-2024-11972

Published: Dec 31, 2024Modified: May 17, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed.

Affected (1)

Products: Themehunk: Hunk Companion

Themehunk

1 product

Hunk Companion

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Themehunk Hunk Companion	Before 1.9.0

References (1)

https://wpscan.com/vulnerability/4963560b-e4ae-451d-8f94-482779c415e4/

Source: contact@wpscan.com

ExploitThird Party Advisory

Timeline

No history available yet.