4 matches found
CVE-2024-13448
The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trxaddonsuploadssavedata' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2024-13448
creationtimestamp| type| source ---|---|--- 2025-01-28 06:44:19+00:00| seen| https://infosec.exchange/users/cve/statuses/113904625814112822 2025-01-28 07:15:19+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgrvuc5lru2f 2025-01-28 08:48:25+00:00| seen|...
CVE-2024-13448 ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data
The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trxaddonsuploadssavedata' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2024-13448
CVE-2024-13448 affects the ThemeREX Addons WordPress plugin via arbitrary file uploads due to missing file type validation in trx_addons_uploads_save_data, affecting all versions up to 2.32.3. Unauthenticated upload could lead to remote code execution. Red Hat and other sources indicate remediati...