NVD:CVE-2023-2529
Jul 10, 2023 - 4:15 p.m.

CVE-2023-2529

2023-07-10 16:15:51
web.nvd.nist.gov
cve-2023-2529
enable svg uploads
wordpress
plugin
sanitize
svg
upload
xss
payloads

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 19.6%

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

Affected configurations

NVD
Node: enable_svg_uploads_project | enable_svg_uploads | Range: 2.1.5 | wordpress
