cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11972,https://securityvulnerability.io/vulnerability/CVE-2024-11972,Authorization Flaw in Hunk Companion Plugin for WordPress,"The Hunk Companion WordPress plugin prior to version 1.9.0 exhibits a security weakness related to improper authorization of certain REST API endpoints. This vulnerability allows malicious actors to perform unauthenticated requests, resulting in the potential for unauthorized installation and activation of arbitrary instances of the Hunk Companion plugin directly from the WordPress.org repository. It is crucial for users to upgrade to version 1.9.0 or later to mitigate this issue and protect their WordPress installations from exploitation.",Wordpress,Hunk Companion,9.8,CRITICAL,0.0004299999854993075,false,,false,false,true,true,false,false,2024-12-31T06:00:01.751Z,0
CVE-2024-9707,https://securityvulnerability.io/vulnerability/CVE-2024-9707,Unauthorized Plugin Installation/Activation Vulnerability Affects Hunk Companion for WordPress,"The Hunk Companion plugin for WordPress is susceptible to an unauthorized plugin installation and activation vulnerability. This issue arises from an absence of capability checks on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to 1.8.4. As a result, unauthenticated attackers can potentially install and activate arbitrary plugins on affected WordPress sites. If a vulnerable plugin is also installed, this flaw may lead to remote code execution, significantly increasing the risk for site owners and users. Addressing this vulnerability is crucial for maintaining the integrity and security of your WordPress environment.",Wordpress,Hunk Companion,9.8,CRITICAL,0.00044999999227002263,false,,false,false,true,true,false,false,2024-10-11T06:50:18.867Z,0