cve/CVE-2024-11972.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.2 KiB

Raw Permalink Blame History

CVE-2024-11972

Description

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed.

POC

Reference

https://wpscan.com/vulnerability/4963560b-e4ae-451d-8f94-482779c415e4/

Github

https://github.com/20142995/nuclei-templates
https://github.com/ARPSyndicate/cve-scores
https://github.com/JunTakemura/exploit-CVE-2024-11972
https://github.com/Nxploited/CVE-2024-11972-PoC
https://github.com/RonF98/CVE-2024-11972-POC
https://github.com/cyb3r-w0lf/nuclei-template-collection
https://github.com/nomi-sec/PoC-in-GitHub

1.2 KiB Raw Permalink Blame History

CVE-2024-11972

Description

POC

Reference

Github

1.2 KiB

Raw Permalink Blame History