15 matches found
WordPress plugin Easy SVG Support cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Easy SVG Support plugin <= 4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Sornram9254 in WordPress Plugin Easy SVG Support versions <= 4.0...
EUVD-2024-33003
Malicious code in bioql PyPI...
EUVD-2022-25232
Malicious code in bioql PyPI...
CVE-2024-10269
The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access a...
CVE-2024-10269 Easy SVG Support <= 3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access a...
WordPress Easy SVG Support plugin <= 3.7 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Easy SVG Support versions <= 3.7...
WordPress Easy SVG Support Plugin <= 3.7 is vulnerable to Cross Site Scripting (XSS)
Software: Easy SVG Support; Type: Plugin; Vulnerable versions: <= 3.7; Fixed in: 3.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10269; Patch priority: Low; CVSS severity: Low (6.5); PSID: 74db701b56a6; Credits: Francesco Carlucci; Require...
CVE-2022-1964
The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2022-1964
The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
Design/Logic Flaw
The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2022-1964
The CVE concerns the WordPress Easy SVG Support plugin prior to v3.3.0, where uploaded SVG files are not properly sanitised. This allows users with a role as low as Author to upload an SVG containing XSS payloads, enabling stored cross-site scripting via SVG uploads. Affected software: WordPress ...
CVE-2022-1964 Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG
The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
WordPress plugin Easy SVG Support cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. A WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Easy SVG Support plugin prior to 3.3....
WordPress Easy SVG Support plugin <= 3.2.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via SVG
Authenticated Stored Cross-Site Scripting (XSS) vulnerability via SVG discovered by Luan Pedersini in WordPress Easy SVG Support plugin versions <= 3.2.0. Solution: Update the WordPress Easy SVG Support plugin to the latest available version (at least 3.3.0)...