Critical severity9.9NVD Advisory· Published Nov 28, 2024· Updated Apr 15, 2026

CVE-2024-11082

Description

The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Patches

1702d3d4fd0f

https://github.com/tumult/hype-wordpress-pluginvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/tumult/hype-wordpress-plugin/commit/1702d3d4fd0fae9cb9fc40cdfc3dfb8584d5f04cnvd
plugins.trac.wordpress.org/browser/tumult-hype-animations/trunk/includes/adminpanel.phpnvd
plugins.trac.wordpress.org/changeset/3197761/nvd
wordpress.org/plugins/tumult-hype-animations/nvd
www.wordfence.com/threat-intel/vulnerabilities/id/be3a0b4b-cce5-4d78-99d5-697f2cf04427nvd

News mentions

No linked articles in our index yet.

cvss	0.643
epss	0.010
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000