CVE-2024-10543

The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve animation information.
Configurations

Configuration 1 (hide)

cpe:2.3:a:tumult:tumult_hype_animations:*:*:*:*:*:wordpress:*:*

History

08 Nov 2024, 21:19

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3182537%40tumult-hype-animations&new=3182537%40tumult-hype-animations&sfp_email=&sfph_mail= - () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3182537%40tumult-hype-animations&new=3182537%40tumult-hype-animations&sfp_email=&sfph_mail= - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/7273526e-bb51-418f-9ac8-8832f2de1cd6?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/7273526e-bb51-418f-9ac8-8832f2de1cd6?source=cve - Third Party Advisory
CPE cpe:2.3:a:tumult:tumult_hype_animations:*:*:*:*:*:wordpress:*:*
First Time Tumult
Tumult tumult Hype Animations

06 Nov 2024, 18:17

Type Values Removed Values Added
Summary
  • (es) El complemento Tumult Hype Animations para WordPress es vulnerable al acceso no autorizado a los datos debido a una verificación de capacidad faltante en la función hypeanimations_getcontent en todas las versiones hasta la 1.9.14 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, recuperen información de las animaciones.

06 Nov 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-06 07:15

Updated : 2024-11-08 21:19


NVD link : CVE-2024-10543

Mitre link : CVE-2024-10543

CVE.ORG link : CVE-2024-10543


JSON object : View

Products Affected

tumult

  • tumult_hype_animations
CWE
CWE-862

Missing Authorization