WordPress Enable SVG plugin <= 1.3.1 - Stored Cross-Site Scripting (XSS) vulnerability via SVG

2022-05-0300:00:00

Luan Pedersini

patchstack.com

0.001 Low

EPSS

Percentile

24.8%

Stored Cross-Site Scripting (XSS) vulnerability via SVG discovered by Luan Pedersini in WordPress Enable SVG plugin (versions <= 1.3.1).

Solution

           Update the WordPress Enable SVG plugin to the latest available version (at least 1.4.0).

CPENameOperatorVersion
enable svgle1.3.1

CPE	Name	Operator	Version
	enable svg	le	1.3.1

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1562

wordpress.org/plugins/enable-svg/#developers

wpscan.com/vulnerability/8e5b1e4f-c132-42ee-b2d0-7306ab4ab615

0.001 Low

EPSS

Percentile

24.8%

Related for PATCHSTACK:CC01B47DFAD304F70EEC45B916AFC06C