CVE-2024-11972

hunk_companion vulnerability - themehunk

Critical CVSS Score: 9.8 Published: 2024-12-31

Description

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed.

Affected Systems

Vendor	themehunk
Product	hunk_companion
Affected Versions	before 1.9.0
CWE ID	N/A

Mitigation

Apply the latest security patches from the vendor, restrict network exposure where applicable, and monitor for exploitation attempts.

Fix Instructions

Refer to the vendor advisory and apply the latest security updates. See references for detailed patching instructions.

References

https://wpscan.com/vulnerability/4963560b-e4ae-451d-8f94-482...

Risk Assessment

CVSS: 9.8/10

Exploit Available	Unknown
Patch Available	Unknown

Need Help Patching?

Our security team can help assess and remediate this vulnerability in your environment.

Get Help

Stay Ahead of Threats

Subscribe to our vulnerability feed and get instant alerts when new CVEs affect your systems.

Start Monitoring