A critical security flaw in the WordPress plugin Hunk Companion, which is used on 10,000 sites, remains largely unpatched, leaving thousands vulnerable to malicious attacks. Despite a recent fix, the majority of users have yet to apply the update.
Vulnerability Identifier: CVE-2024-11972
Severity Rating: 9.8 out of 10
Affected Plugin: Hunk Companion
Number of Sites at Risk: Approximately 9,000 out of 10,000
Patch Release: Earlier this week, with only 12% of sites updated so far
Threat Overview
Daniel Rodriguez, a researcher at WPScan, emphasized the critical nature of this vulnerability, noting the threat it poses to sites using both a ThemeHunk theme and the Hunk Companion plugin. The flaw enables unauthorized execution of harmful code, compromising website integrity. Website administrators using this plugin are urged to apply the patch immediately to prevent potential breaches. The ongoing exposure highlights the urgent need for timely updates and monitoring to maintain website security.