Lucene search
Kim Jong Min aka Universe (Patchstack Alliance)PATCHSTACK:04C1271E5E7FF5050D1BCD29355C0913HistoryAug 01, 2022 - 12:00 a.m.
WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
2022-08-0100:00:00
Kim Jong Min aka Universe (Patchstack Alliance)
patchstack.com
11
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Authenticated Stored Cross-Site Scripting (XSS) vulnerability via malicious SVG file upload discovered by Kim Jong Min aka Universe (Patchstack Alliance) in WordPress Enable SVG, WebP & ICO Upload plugin (versions <= 1.0.3).
Solution
No patched version available.
| CPE | Name | Operator | Version |
|---|---|---|---|
| enable svg, webp & ico upload | le | 1.0.3 |
Related
prion
prion
Cross site scripting
2022-08-01 14:15:00
wpvulndb
wpvulndb
Enable SVG, WebP & ICO Upload <= 1.0.1 - Author+ Stored Cross-Site Scripting
2022-08-01 00:00:00
cve
cve
CVE-2022-36343
2022-08-01 14:15:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Related for PATCHSTACK:04C1271E5E7FF5050D1BCD29355C0913