Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2024-9707 PoC — Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation

Source
https://github.com/Nxploited/CVE-2024-9707-Poc
Associated Vulnerability
Title:Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation (CVE-2024-9707)
Description:The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
Description
he Hunk Companion Plugin for WordPress: Vulnerable to Unauthorized Plugin Installation/Activation (Versions Up to and Including 1.8.4)
Readme
# CVE-2024-9707-Poc 🌐
# Description
This script exploits the vulnerability in the WordPress Hunk Companion plugin (CVE-2024-9707), allowing unauthorized attackers to install and activate arbitrary plugins via the /wp-json/hc/v1/themehunk-import REST API endpoint.

## Features
| **Feature**                | **Description**                                              |
|----------------------------|--------------------------------------------------------------|
| Plugin Version Detection   | Automatically checks the plugin version.                    |
| Vulnerability Check        | Determines if the detected version is vulnerable (<= 1.8.4). |
| Plugin Installation        | Exploits the vulnerability to install and activate a specified plugin. |

## 🛠️ Installation and Usage:

### Prerequisites
- Python 3.x installed on your system.
- Required Python libraries: `requests`, `argparse`.

### Install the dependencies:
```bash
pip install requests
```
### Usage:
```
options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Base URL of the WordPress site.
  -p PLUGIN, --plugin PLUGIN
                        Plugin name (default: wp-file-manager).
```

2- Run the script
```
python CVE-2024-9707.py -u <TARGET_URL> [-p <PLUGIN_NAME>]
```

### Example:
```
python CVE-2024-9707.py -u https://example.com -p wp-file-manager

```
### Output
- **Version Detection**: Displays the detected version of the Hunk Companion plugin.
- **Vulnerability Status**: Informs whether the target is vulnerable.
- **Exploit Status**: Displays the result of the plugin installation attempt.

### Successful Output

```
Detected version: 1.8.4
The site is vulnerable. Proceeding with exploitation.
Plugin installed and activated successfully.
Response Status: 200
Response Body: "http:\/\/192.168.100.74\/wordpress"
```

### 🚫 Disclaimer
This script is for educational purposes only. Use it responsibly and only on systems you own or have explicit permission to test. The authors are not responsible for any misuse or damage caused by this tool.
by: Khaled_alenazi | Nxploited
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →