FlagThis

A critical vulnerability, CVE-2024-11972, has been discovered in the Hunk Companion WordPress plugin, affecting versions below 1.9.0. This flaw allows malicious actors to install and activate vulnerable plugins on affected sites through unauthenticated POST requests. Attackers can exploit this to backdoor sites. The vulnerability has a CVSS score of 9.8, highlighting its severity. This flaw poses a significant security risk, impacting over 10,000 websites. Site owners are advised to update their plugins immediately.