
CVE-2024-11972 Scanner
CVE-2024-11972 Scanner - Unauthorized Admin Access vulnerability in Hunk Companion
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 21 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Hunk Companion is a widely used WordPress plugin developed by Themehunk that adds features to the vendor's themes, most notably one-click demo import, which in turn installs and activates the plugins a demo layout depends on. It is popular with site administrators who want those features without writing code. Because it can install and activate other plugins, any gap in its access control has a much larger blast radius than a typical theme helper would.
The vulnerability is a missing-authorization flaw: REST API endpoints that Hunk Companion exposes for its plugin-import feature did not properly verify that the caller was an authenticated user with the right to install plugins. As a result, an unauthenticated attacker can make the site install and activate any plugin from the WordPress.org repository, including abandoned or outdated plugins with known vulnerabilities, and then exploit the newly installed plugin. The actions exposed (install_plugins and activate_plugins) are reserved for administrators, so this is effectively unauthenticated administrative access. CVE-2024-11972 affects Hunk Companion versions before 1.9.0; it is the bypass of an incomplete fix for the same issue (CVE-2024-9707, patched in 1.8.5), and the complete fix shipped in 1.9.0. The correct remediation is to enforce the capability check in the route's permission_callback so that WordPress rejects unauthorized requests before the handler runs.
Technically, the plugin registers a REST route for plugin installation (the publicly documented route is /wp-json/hc/v1/themehunk-import) whose permission check did not reject unauthenticated callers. No authentication bypass trick is needed: an ordinary POST request to that route, carrying the slug of a plugin from the WordPress.org repository, is accepted as if it came from an administrator, and the plugin is downloaded, installed and activated. The slug is attacker-controlled, so the attacker chooses which plugin lands on the site. WordPress evaluates a route's permission_callback before invoking its handler; when that callback allows every request, no later check in the import code can compensate, which is why the earlier fix in 1.8.5 was bypassable and 1.9.0 was required.
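The following added illustration shows the class of bug described above beside its hardened form. It is not Hunk Companion's or Themehunk's code: the route namespace (example/v1), the route names and the function example_import_plugin are hypothetical, and only the WordPress core APIs used (register_rest_route, current_user_can, plugins_api, Plugin_Upgrader, activate_plugin) are real.

```php
<?php
/**
 * Added illustration of a missing-authorization REST route and its fix.
 * Not Hunk Companion's code: the 'example/v1' namespace, route names and
 * example_import_plugin() are hypothetical. WordPress core APIs are real.
 */

// VULNERABLE: permission_callback accepts every request, so an unauthenticated
// POST reaches the installer with an attacker-chosen plugin slug.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/import-plugin', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_import_plugin',
        'permission_callback' => '__return_true',   // the bug: no capability check
    ) );
} );

// HARDENED: authorization lives in permission_callback, which WordPress
// evaluates before the handler runs, and the slug is validated as a route arg.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/import-plugin-safe', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_import_plugin',
        'permission_callback' => function () {
            // install_plugins / activate_plugins are administrator capabilities.
            // For cookie-authenticated REST calls WordPress also requires a valid
            // X-WP-Nonce before this callback is reached.
            return current_user_can( 'install_plugins' )
                && current_user_can( 'activate_plugins' );
        },
        'args' => array(
            'plugin' => array(
                'required'          => true,
                'type'              => 'string',
                // WordPress.org plugin slugs are lowercase letters, digits and hyphens.
                'validate_callback' => function ( $value ) {
                    return is_string( $value )
                        && preg_match( '/^[a-z0-9-]{1,200}$/', $value ) === 1;
                },
            ),
            'activate' => array( 'type' => 'boolean', 'default' => false ),
        ),
    ) );
} );

function example_import_plugin( WP_REST_Request $request ) {
    // Defense in depth: re-check in the handler, so a later change to the route
    // registration cannot silently reopen the hole.
    if ( ! current_user_can( 'install_plugins' ) ) {
        return new WP_Error( 'rest_forbidden', 'Insufficient permissions.', array( 'status' => 403 ) );
    }
    $slug = sanitize_key( $request->get_param( 'plugin' ) );

    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    require_once ABSPATH . 'wp-admin/includes/file.php';

    // Resolve the slug to a WordPress.org download URL.
    $api = plugins_api( 'plugin_information', array(
        'slug'   => $slug,
        'fields' => array( 'sections' => false ),
    ) );
    if ( is_wp_error( $api ) ) {
        return $api;
    }

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $api->download_link );
    if ( is_wp_error( $result ) || ! $result ) {
        return new WP_Error( 'install_failed', 'Plugin install failed.', array( 'status' => 500 ) );
    }

    $file = $upgrader->plugin_info();   // e.g. "slug/slug.php"
    if ( $request->get_param( 'activate' ) && $file ) {
        $activated = activate_plugin( $file );
        if ( is_wp_error( $activated ) ) {
            return $activated;
        }
    }
    return rest_ensure_response( array( 'installed' => $slug, 'file' => $file ) );
}
```

The two registrations share the same handler on purpose: the handler's own capability check is the second line of defense, but the fix that matters is the permission_callback, because that is the only check WordPress guarantees to run for every request, including unauthenticated ones where the current user is id 0 and current_user_can() returns false.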
When exploited, the vulnerability gives an unauthenticated attacker a reliable path to code execution. In the exploitation observed at disclosure, attackers used the endpoint to install outdated plugins with known unauthenticated remote code execution bugs, then used those plugins to upload backdoors and web shells. From there an attacker can read the database and wp-config.php credentials, create administrator accounts, deface the site, or pivot to other sites and applications on the same hosting account. Site owners should update Hunk Companion to 1.9.0 or later, review the installed plugin list for anything they did not add (paying attention to install dates), check web server access logs for POST requests to the plugin's REST import route from unknown sources, and treat any site that was exposed while unpatched as potentially compromised rather than simply patched.