CVE-2024-11098

The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level acces...

CVE-2024-11098

The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level acces...

CVE-2024-11098 SVG Block <= 1.1.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload

The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level acces...

CVE-2024-11098

CVE-2024-11098 : The WordPress plugin SVG Block is vulnerable to Stored Cross-Site Scripting via REST API SVG file uploads in all versions up to and including 1.1.24. Exploitation requires authenticated access at Administrator level or higher, and can cause arbitrary scripts to run in pages when ...

CVE-2024-11098 SVG Block <= 1.1.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload

The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level acces...

WordPress plugin SVG Block 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress SVG Block plugin <= 1.1.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin SVG Block versions = 1.1.24...

WordPress SVG Block Plugin <= 1.1.24 is vulnerable to Cross Site Scripting (XSS)

Software SVG Block Type Plugin Vulnerable versions = 1.1.24 Fixed in 1.1.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11098 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9f7c13aa886e Credits Francesco Carlucci Required...

WordPress SVG Block plugin < 1.1.20 - Author+ Stored XSS via SVG File Upload vulnerability

Author+ Stored XSS via SVG File Upload vulnerability discovered by Rayhan Ramdhany Hanaputra in WordPress Plugin SVG Block versions 1.1.20...

WordPress SVG Block Plugin < 1.1.20 is vulnerable to Cross Site Scripting (XSS)

Software SVG Block Type Plugin Vulnerable versions 1.1.20 Fixed in 1.1.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4269 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 927bcf9065fa Credits Rayhan Ramdhany Hanaputra...

CVE-2024-4269 SVG Block < 1.1.20 - Author+ Stored XSS via SVG File Upload

The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...

PT-2024-30108 · WordPress · Svg Block

Name of the Vulnerable Software and Affected Versions: SVG Block WordPress plugin versions prior to 1.1.20 Description: The issue allows users with at least the author role to upload SVG files containing malicious JavaScript, enabling Stored XSS attacks due to the lack of sanitization of SVG file...

WordPress plugin SVG Block security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...