6 matches found
CVE-2024-11082
The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimationspanel function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2024-11082
The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimationspanel function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2024-11082
creationtimestamp| type| source ---|---|--- 2024-11-28 09:49:33+00:00| seen| https://infosec.exchange/users/cve/statuses/113559953257552422...
CVE-2024-11082
The CVE-2024-11082 entry concerns the Tumult Hype Animations WordPress plugin (versions
CVE-2024-11082 Tumult Hype Animations <= 1.9.15 - Authenticated (Author+) Arbitrary File Upload via hypeanimations_panel Function
The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimationspanel function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level access and above, to...
WordPress Tumult Hype Animations Plugin <= 1.9.15 is vulnerable to Arbitrary File Upload
Software Tumult Hype Animations Type Plugin Vulnerable versions = 1.9.15 Fixed in 1.9.16 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-11082 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID 259828d3532b Credits vgo0 Required privilege...