- Description
- The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed.
- Source
- contact@wpscan.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
About Authentication Bypass - #HunkCompanion #WordPress plugin (CVE-2024-11972) vulnerability allowing unauthenticated attackers to install and activate plugins from the WordPressOrg repository. #WPScan ➡️ https://t.co/harUMA16nb https://t.co/syb37wn5J6
@leonov_av
11 Jan 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11972 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthen..https://t.co/O5PfZ0zp7C #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
5 Jan 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11972 Unauthenticated Plugin Installation Vulnerability in Hunk... https://t.co/8PLyY01NWF Don't wait for vulnerability scanning results: https://t.co/oh1APvMMnd
@VulmonFeeds
31 Dec 2024
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11972 The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbit… https://t.co/VcbuHyleUH
@CVEnew
31 Dec 2024
453 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability CVE-2024-11972 in the Hunk Companion plugin for WordPress is FIXED: patch immediately! https://t.co/EYUN4O910S Threat actors exploiting the Hunk Companion vulnerability use it to download and execute other plugins that have known vulnerabilities, compromising WordPress sites.… https://t.co/Ok9TKfh3mx
@iototsecnews
23 Dec 2024
96 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. Read More: https://t.co/bEZZ0fkGOO http
@pinakinit1
19 Dec 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Vulnerability in Hunk Companion Plugin: Unauthorized Plugin Installation #OSINT #CVE-2024-11972 #CVE-2024-50498 #T1190 #ExploitPublicFacingApplication #T1210 #ExploitationOfRemoteServices #T1505003 #WebShell #T1588005 #Exploits https://t.co/poymjeGxsj
@iProtectCSS
19 Dec 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL Security Vulnerability in WordPress! 🔐 According to researchers, the vulnerability CVE-2024-11972 in the popular Hunk Companion plugin is leading to active attacks. ⚠️ Carrying a severity score of 9.8/10, the flaw allows attackers to run malicious code without authentication…
@MimirSBook
16 Dec 2024
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Beware of attacks: Critical vulnerability in the Hunk Companion plugin for WordPress exploited to secretly install vulnerable plugins. CVE-2024-11972 with a CVSS score of 9.8. For Security Analysts #WordPress #Cybersecurite 👉 https://t.co/MVzItCSYfH
@CyberAlertFr
13 Dec 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗞️ Hunk Companion Plugin Flaw Exploited for Silent Plugin Installation Hackers are actively exploiting a critical vulnerability in the WordPress Hunk Companion plugin (CVE-2024-11972) to install vulnerable plugins, opening the door for Remote Code Execution (RCE) on over 10,000
@gossy_84
13 Dec 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Using WordPress? You might be at risk. A critical flaw in the Hunk Companion plugin (CVE-2024-11972) affects 10,000+ sites. Attackers can install vulnerable plugins and launch attacks like #RCE, #SQLInjection and #XSS. Update to v1.9.0 now! 🔗Read more: https://t.co/CkMrtkqbKn
@focalpointsprl
13 Dec 2024
20 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: WordPress Hunk Companion Plugin Remote Code Execution (RCE) Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-11972 (CVSS v3 9.8/10) WordPress Hunk Companion Plugin Remote Code Execution (RCE) Vulnerability Impact A Successful exploit may allow
@CyberxtronTech
13 Dec 2024
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: WordPress Hunk Companion Plugin Remote Code Execution (RCE) Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-11972 (CVSS v3 9.8/10) WordPress Hunk Companion Plugin Remote Code Execution (RCE) Vulnerability Impact A Successful exploit may allow
@CyberxtronTech
13 Dec 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: WordPress Hunk Companion Remote Code Execution (RCE) Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-11972 (CVSS v3 9.8/10) WordPress Hunk Companion Remote Code Execution (RCE) Vulnerability Impact A Successful exploit may allow attackers to…
@CyberxtronTech
13 Dec 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Active Exploitation Observed for CVE-2024-11972 (CVSS 9.8): WordPress Plugin Flaw Exposes 10,000+ Sites to Backdoor Attacks https://t.co/tTvrMpsOvh
@the_yellow_fall
13 Dec 2024
11 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. https://t.co/1OLiucgGXL https://t.co/M
@riskigy
13 Dec 2024
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical WordPress plugin vulnerability under active exploit threatens thousands: CVE-2024-11972 https://t.co/YPvp3Qk8Hm
@vault33org
13 Dec 2024
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hunk Companion WordPress plugin exploited to install vulnerable plugins: https://t.co/8MtZpN47nT Hackers are exploiting a critical vulnerability (CVE-2024-11972) in the Hunk Companion WordPress plugin, allowing the installation of outdated plugins with known flaws. This can lead
@securityRSS
12 Dec 2024
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 Vulnerabilities & Patches: 1. WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins: Attackers are exploiting the Hunk Companion vulnerability (CVE-2024-11972) to install flawed plugins, enabling RCE attacks on over 10,000 WordPress sites.
@OnsecCyberDaily
12 Dec 2024
38 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 WordPress Security Alert: Hunk Companion Plugin Exploited! A critical flaw (CVE-2024-11972) in the Hunk Companion plugin is being actively exploited, allowing attackers to install & activate malicious plugins for RCE, SQLi, & XSS attacks.
@NetSec_Ian
12 Dec 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 WordPress Alert: The Hunk Companion plugin vulnerability (CVE-2024-11972) opens doors to unauthorized access and potential site compromise. Protect your site—update and secure now! 🔒 #CyberSecurity #WordPressVulnerability 🔗 Read more: https://t.co/4JNWd14pRd
@InnoVirtuoso
12 Dec 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Attention WordPress Developers! 🚨 A critical vulnerability in the Hunk Companion plugin (CVE-2024-11972) is being exploited to install vulnerable plugins, risking RCE and other attacks on over 10,000 sites! Update to version 1.9.0 ASAP! Read more here: https://t.co/3YNIDqYFHc
@wiseduckdev
12 Dec 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Flaw Alert in Hunk Companion Plugin for #WordPress! 🚨 https://t.co/1DAg4Zq0wk A vulnerability (CVE-2024-11972) allows attackers to install & activate other vulnerable plugins without authentication, leading to potential RCE, SQL Injection, and more. Over 10,000 s
@SecTicks
12 Dec 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical flaw in Hunk Companion plugin (CVE-2024-11972, CVSS: 9.8) allows attackers to install vulnerable plugins, potentially leading to Remote Code Execution (RCE), SQL Injection, and administrative backdoors. Over 10,000 WordPress sites are at risk. https://t.co/OkVpYiAmjh
@SamTechwest
12 Dec 2024
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical flaw in Hunk Companion plugin (CVE-2024-11972, CVSS: 9.8) allows attackers to install vulnerable plugins, potentially leading to Remote Code Execution (RCE), SQL Injection, and administrative backdoors.
@isit_nomi
12 Dec 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical flaw in Hunk Companion plugin (CVE-2024-11972, CVSS: 9.8) exposes 10,000+ #WordPress sites to RCE, SQL Injection, and backdoors. Secure your site now: https://t.co/vYC3XHtVJx #CyberSecurityAwareness
@TheHackersNews
12 Dec 2024
37410 Impressions
30 Retweets
56 Likes
13 Bookmarks
2 Replies
2 Quotes