What is CVE-2024-11972?

CVE-2024-11972 is a vulnerability in Hunk Companion, classified under CWE-862 MISSING AUTHORIZATION. Published 2024-12-31.

Is CVE-2024-11972 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Hunk Companion

CVE-2024-11972

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org…

EPSS: 0.919 (99.7th percentile) — read the EPSS interpretation.

Affected products

Unknown Hunk Companion — versions 0

Public proof-of-concept exploits

NoxPenguin/exploit-CVE-2024-11972
RonF98/CVE-2024-11972-POC
Nxploited/CVE-2024-11972-PoC
JunTakemura/exploit-CVE-2024-11972
NoxPengwin/exploit-CVE-2024-11972
cyb3r-w0lf/nuclei-template-collection
nomi-sec/PoC-in-GitHub
20142995/nuclei-templates
ARPSyndicate/cve-scores

References

wpscan.com/vulnerability/4963560b-e4ae-451d-8f94-482779c415e4/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2024-11972?: CVE-2024-11972 is a vulnerability in Hunk Companion, classified under CWE-862 MISSING AUTHORIZATION. Published 2024-12-31.
Is CVE-2024-11972 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.