Hunk Companion - Missing Authorization (CVE-2024-11972)

CVE-2024-11972 is a critical vulnerability in the Hunk Companion WordPress plugin before version 1.9.0, where improper authorization on certain REST API endpoints allows unauthenticated attackers to install and activate arbitrary plugins from the WordPress.org repository. This flaw could be exploited to install vulnerable or malicious plugins, potentially leading to full site compromise, data theft, or further attacks on affected WordPress installations.

CrowdSec has been tracking this vulnerability and its exploits since 24th of September 2025.

CrowdSec network observations suggest that most exploitation of CVE-2024-11972 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. CrowdSec data also reveals a clear uptick in attacks involving CVE-2024-11972 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.

Attackers exploit unauthenticated POST requests to the /wp-json/hc/v1/themehunk-import REST API endpoint, allowing arbitrary plugin installation and activation on vulnerable WordPress sites.