Hunk Companion Vulnerability List
4 vulnerabilities related to Hunk Companion found
- CVE-2024-11972: Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation POC
  The plugin does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed.
- CVE-2024-9707: Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation POC
  The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
- CVE-2024-11972: Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation POC
  The plugin does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed.
- CVE-2024-9707: Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation POC
  The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.