CVE-2024-11972 – WordPress Hunk Companion Unauthorized Plugin Installation and Activation Vulnerability

12月 31, 2024
7:16 am

CVE ID : CVE-2024-11972

Published : Dec. 31, 2024, 6:15 a.m. | 1 hour, 1 minute ago

Description : The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-11972 – WordPress Hunk Companion Unauthorized Plugin Installation and Activation Vulnerability

Elvescore.io

Recent Posts

CVE-2024-48197 – Audiocodes MP-202b Cross Site Scripting Privilege Escalation

CVE-2024-56199 – phpMyFAQ HTML Injection Vulnerability

CVE-2025-0173 – SourceCodester Online Eyewear Shop SQL Injection Vulnerability

CVE-2024-11716 – CTFd Team Bracket Reassignment Vulnerability ( Privilege Escalation )

CVE-2024-11717 – CTFd TokenForgeable Authentication

CVE-2022-45811 – WeyHan Ng Post Teaser Missing Authorization

CVE-2024-11972 – WordPress Hunk Companion Unauthorized Plugin Installation and Activation Vulnerability

CVE-2024-11972 – WordPress Hunk Companion Unauthorized Plugin Installation and Activation Vulnerability