Add version detection for cve-2024-11972 #160

Merged
merged 2 commits into from
Dec 16, 2024

Conversation

PiranhaSa
Contributor

@PiranhaSa PiranhaSa commented Dec 16, 2024

The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0.
It enables attackers to install vulnerable or closed plugins, which can then be exploited for attacks such as Remote Code Execution (RCE), SQL Injection, Cross‑Site Scripting (XSS), or even the creation of administrative backdoors.
https://wpscan.com/blog/unauthorized-plugin-installation-activation-in-hunk-companion/

@PiranhaSa PiranhaSa requested a review from a team as a code owner December 16, 2024 13:59

@ostorlab-ai-pr-review ostorlab-ai-pr-review bot left a comment

AI Bot Review comment

tests/exploits/cve_2024_11972_test.py (8 review threads, all resolved)
@3asm
Member

3asm commented Dec 16, 2024

@PiranhaSa please add a description.

Base automatically changed from feature/cve-2024-50623 to main December 16, 2024 16:22
@3asm 3asm merged commit 74126d5 into main Dec 16, 2024
@3asm 3asm deleted the feature/cve-2024-11972 branch December 16, 2024 16:22