CVE-2024-9707
Published
CVSS v3: 9.8 (CRITICAL)
CVSS v2: N/A
Affected: 2 projects
Description
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
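One way to check web server access logs for requests to the endpoint named in the description, as an added example (not part of the advisory or the plugin's code). It assumes Combined Log Format; the sample log lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Route taken from the advisory text; WordPress serves it under /wp-json/
ROUTE = "/hc/v1/themehunk-import"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "POST /wp-json/hc/v1/themehunk-import HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Oct/2024:13:56:01 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2024:13:57:12 +0000] "POST /index.php?rest_route=%2Fhc%2Fv1%2Fthemehunk-import HTTP/1.1" 200 498 "-" "curl/8.0"',
    '192.0.2.9 - - [10/Oct/2024:14:02:40 +0000] "POST /wp-json/hc/v1/themehunk-import/ HTTP/1.1" 401 120 "-" "python-requests/2.31"',
]

def hits_route(target):
    """True if a request target addresses the themehunk-import REST route."""
    path, _, query = target.partition("?")
    # Decode, collapse repeated slashes, ignore trailing slash and case
    path = re.sub(r"/{2,}", "/", unquote(path)).rstrip("/").lower()
    if path.endswith("/wp-json" + ROUTE):
        return True
    # WordPress also accepts the route as a ?rest_route= query parameter
    return any(v.rstrip("/").lower() == ROUTE
               for v in parse_qs(query).get("rest_route", []))

def find_import_requests(lines):
    """Return one record per log line that touched the endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and hits_route(m["target"]):
            status = int(m["status"])
            hits.append({
                "ip": m["ip"], "time": m["time"], "method": m["method"],
                "status": status,
                # 2xx means the server handled the call: review installed plugins
                "handled": 200 <= status < 300,
            })
    return hits

if __name__ == "__main__":
    for hit in find_import_requests(SAMPLE_LOG):
        print(hit)
```

Any record with `handled` set is a reason to compare the site's installed and active plugins against what administrators actually installed, on every site that ran version 1.8.4 or earlier.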
<p>Hunk Companion contains all the features required to create a complete website. The main purpose of this plugin is to extend the functionality of ThemeHunk themes. This plugin works with Gogo, Almaira and upcoming ThemeHunk themes.</p>
<p><strong>Key Features:</strong><br />
– Add service section<br />
– Add Team Section<br />
– Add clients-and-testimonials section<br />
– Add about-us section<br />
– Add slider-typewriter section<br />
– Add call-to section<br />
– Add woocommerce section<br />
– Add portfolio section<br />
– Add pricing section<br />
– Add Ribbon section<br />
– Add blog section<br />
– Add contact-us section<br />
– Add social section<br />
– Add Homepage Layout section<br />
– Add Product Filter<br />
– Add Categories Section<br />
– Add Instagram Section<br />
– Add Hero Slider</p>
<p>Not all of these features are added to every theme; only the features a particular theme requires are added.</p>