Unrated severityNVD Advisory· Published Dec 31, 2024· Updated Dec 31, 2024
Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
CVE-2024-11972
Description
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.9.0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/4963560b-e4ae-451d-8f94-482779c415e4/mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.