CVE-2024-11972

This repository contains a functional Python exploit for CVE-2024-11972, targeting the Hunk Companion WordPress plugin. The exploit leverages an unauthenticated REST API endpoint to install and activate arbitrary plugins from the WordPress repository.

This repository contains a functional Python exploit for CVE-2024-11972, which targets an unauthenticated REST API endpoint in the Hunk Companion WordPress plugin (<1.9.0). The exploit allows arbitrary plugin installation from the WordPress.org repository, potentially leading to RCE via vulnerable plugins like WP Query Console.

This repository contains a functional exploit PoC for CVE-2024-11972, which targets an unauthenticated plugin installation vulnerability in the Hunk Companion WordPress plugin before version 1.9.0. The script checks the plugin version via readme.txt and exploits the vulnerable REST API endpoint to install arbitrary plugins.

The repository contains functional exploit code for CVE-2024-11972, targeting arbitrary file upload vulnerabilities in WordPress plugins (3DPrint Lite and WPvivid). The exploits demonstrate file upload and potential RCE via crafted requests.

This repository contains a functional Python exploit for CVE-2024-11972, targeting the Hunk Companion WordPress plugin. The exploit automates the installation and activation of arbitrary plugins via a vulnerable REST endpoint without authentication.

This exploit leverages an unauthenticated permission_callback flaw in the Hunk Companion plugin's REST API endpoint to install and activate arbitrary plugins from the WordPress.org repository. It sends a crafted JSON payload to the /wp-json/hc/v1/themehunk-import endpoint, bypassing authentication.