Lucene search
+L

4 matches found

NVD
NVD
added 2025/01/28 7:15 a.m.21 views

CVE-2024-13448

The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trxaddonsuploadssavedata' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS0.00881EPSS
Exploits0References2
Circl
Circl
added 2025/01/28 6:44 a.m.12 views

CVE-2024-13448

creationtimestamp| type| source ---|---|--- 2025-01-28 06:44:19+00:00| seen| https://infosec.exchange/users/cve/statuses/113904625814112822 2025-01-28 07:15:19+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgrvuc5lru2f 2025-01-28 08:48:25+00:00| seen|...

9.8CVSS8.9AI score0.00881EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/01/28 6:38 a.m.22 views

CVE-2024-13448 ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data

The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trxaddonsuploadssavedata' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS0.00881EPSS
Exploits0References2
CVE
CVE
added 2025/01/28 6:38 a.m.87 views

CVE-2024-13448

CVE-2024-13448 affects the ThemeREX Addons WordPress plugin via arbitrary file uploads due to missing file type validation in trx_addons_uploads_save_data, affecting all versions up to 2.32.3. Unauthenticated upload could lead to remote code execution. Red Hat and other sources indicate remediati...

9.8CVSS8.1AI score0.00881EPSS
In wildExploits0References2Affected Software1
Rows per page
Query Builder