cve/2024/CVE-2024-11972.md

### [CVE-2024-11972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11972)
![](https://img.shields.io/static/v1?label=Product&message=Hunk%20Companion&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brightgreen)

### Description

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed.

### POC

#### Reference
- https://wpscan.com/vulnerability/4963560b-e4ae-451d-8f94-482779c415e4/

#### Github
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/JunTakemura/exploit-CVE-2024-11972
- https://github.com/Nxploited/CVE-2024-11972-PoC
- https://github.com/RonF98/CVE-2024-11972-POC
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/nomi-sec/PoC-in-GitHub
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`### [CVE-2024-11972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11972)`
			`![](https://img.shields.io/static/v1?label=Product&message=Hunk%20Companion&color=blue)`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brightgreen)`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00
			`### Description`

			`The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/4963560b-e4ae-451d-8f94-482779c415e4/`

			`#### Github`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/20142995/nuclei-templates`
			`- https://github.com/ARPSyndicate/cve-scores`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/JunTakemura/exploit-CVE-2024-11972`
			`- https://github.com/Nxploited/CVE-2024-11972-PoC`
			`- https://github.com/RonF98/CVE-2024-11972-POC`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/cyb3r-w0lf/nuclei-template-collection`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00