CVE-2024-11082

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published Nov 28, 2024
CWE ID 434

Summary

CVE-2024-11082 is a vulnerability affecting the Tumult Hype Animations plugin for WordPress. The issue lies in the hypeanimations_panel() function, which lacks proper file type validation. This oversight enables authenticated attackers with Author-level access or higher to upload arbitrary files on the vulnerable site's server. The potential consequences of this vulnerability are significant, as successful exploitation could lead to remote code execution. All WordPress installations using the Tumult Hype Animations plugin before version 1.9.16 are at risk. Users are encouraged to update to the latest version to mitigate this vulnerability.
