Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-9707 PoC — WordPress plugin Hunk Companion 安全漏洞

Source
https://github.com/Nxploited/CVE-2024-9707-Poc
Associated Vulnerability
Title:WordPress plugin Hunk Companion 安全漏洞 (CVE-2024-9707)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Hunk Companion 1.8.4版本及之前版本存在安全漏洞,该漏洞源于缺少对 /wp-json/hc/v1/themehunk-import REST API 端点的功能检查。攻击者利用该漏洞可以远程执行代码。
Description
he Hunk Companion Plugin for WordPress: Vulnerable to Unauthorized Plugin Installation/Activation (Versions Up to and Including 1.8.4)
Readme
# CVE-2024-9707-Poc 🌐
# Description
This script exploits the vulnerability in the WordPress Hunk Companion plugin (CVE-2024-9707), allowing unauthorized attackers to install and activate arbitrary plugins via the /wp-json/hc/v1/themehunk-import REST API endpoint.

## Features
| **Feature**                | **Description**                                              |
|----------------------------|--------------------------------------------------------------|
| Plugin Version Detection   | Automatically checks the plugin version.                    |
| Vulnerability Check        | Determines if the detected version is vulnerable (<= 1.8.4). |
| Plugin Installation        | Exploits the vulnerability to install and activate a specified plugin. |

## 🛠️ Installation and Usage:

### Prerequisites
- Python 3.x installed on your system.
- Required Python libraries: `requests`, `argparse`.

### Install the dependencies:
```bash
pip install requests
```
### Usage:
```
options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Base URL of the WordPress site.
  -p PLUGIN, --plugin PLUGIN
                        Plugin name (default: wp-file-manager).
```

2- Run the script
```
python CVE-2024-9707.py -u <TARGET_URL> [-p <PLUGIN_NAME>]
```

### Example:
```
python CVE-2024-9707.py -u https://example.com -p wp-file-manager

```
### Output
- **Version Detection**: Displays the detected version of the Hunk Companion plugin.
- **Vulnerability Status**: Informs whether the target is vulnerable.
- **Exploit Status**: Displays the result of the plugin installation attempt.

### Successful Output

```
Detected version: 1.8.4
The site is vulnerable. Proceeding with exploitation.
Plugin installed and activated successfully.
Response Status: 200
Response Body: "http:\/\/192.168.100.74\/wordpress"
```

### 🚫 Disclaimer
This script is for educational purposes only. Use it responsibly and only on systems you own or have explicit permission to test. The authors are not responsible for any misuse or damage caused by this tool.
by: Khaled_alenazi | Nxploited
File Snapshot

 [4.0K]  /data/pocs/8de269bafcd04c12a0e30c94e080a1d34ba16365
├── [4.5K]  CVE-2024-9707.py
└── [2.1K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.