Lucene search
K

7 matches found

OpenVAS
OpenVAS
added 2025/02/05 12:0 a.m.7 views

WordPress Safe SVG Plugin < 2.2.6 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:safesvgproject:safesvg"; ifdescription...

4.8CVSS7AI score0.00303EPSS
Exploits1References1
OSV
OSV
added 2024/11/07 4:15 p.m.3 views

CVE-2024-8378

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code is only running for paths that call wphandleupload, but not for example for code that uses wphandlesideload which is often used to upload attachments via raw POST data...

4.8CVSS5.9AI score0.00303EPSS
Exploits1References1
NVD
NVD
added 2024/11/07 4:15 p.m.39 views

CVE-2024-8378

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code is only running for paths that call wphandleupload, but not for example for code that uses wphandlesideload which is often used to upload attachments via raw POST data...

4.8CVSS0.00303EPSS
Exploits1References1
Circl
Circl
added 2024/11/07 3:18 p.m.24 views

CVE-2024-8378

creationtimestamp| type| source ---|---|--- 2024-11-07 15:18:55+00:00| seen| https://infosec.exchange/users/cve/statuses/113442339897397248 2024-11-07 17:46:18+00:00| seen| https://t.me/cvedetector/10095...

4.8CVSS4.8AI score0.00303EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/11/07 3:7 p.m.12 views

CVE-2024-8378 Safe SVG < 2.2.6 - Author+ SVG Sanitisation Bypass

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code is only running for paths that call wphandleupload, but not for example for code that uses wphandlesideload which is often used to upload attachments via raw POST data...

5.6AI score0.00303EPSS
Exploits1References1
CVE
CVE
added 2024/11/07 3:7 p.m.131 views

CVE-2024-8378

CVE-2024-8378 relates to the WordPress Safe SVG plugin prior to version 2.2.6. The sanitisation logic only runs for paths that call wp_handle_upload and does not cover code using wp_handle_sideload, which is commonly used to upload attachments via raw POST data. This gap can permit bypass of sani...

4.8CVSS5.3AI score0.00303EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/11/07 3:7 p.m.39 views

CVE-2024-8378 Safe SVG < 2.2.6 - Author+ SVG Sanitisation Bypass

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code is only running for paths that call wphandleupload, but not for example for code that uses wphandlesideload which is often used to upload attachments via raw POST data...

0.00303EPSS
Exploits1References1
Rows per page
Query Builder