Lucene search

74 matches found

CNNVD
added 2026/02/19 12:0 a.m. | 3 views

WordPress plugin Easy SVG Support cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.1 | AI score 5.6 | EPSS 0.00039
Exploits: 0 | References: 3
Patchstack
added 2026/02/18 10:8 p.m. | 2 views

WordPress Easy SVG Support plugin <= 4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Sornram9254 in WordPress Plugin Easy SVG Support versions <= 4.0...

CVSS 6.1 | AI score 5.5 | EPSS 0.00039
Exploits: 0 | References: 1 | Affected Software: 1
Fedora
added 2025/12/04 12:53 a.m. | 4 views

[SECURITY] Fedora 43 Update: sigil-2.6.2-3.fc43

Sigil is a multi-platform WYSIWYG ebook editor. It is designed to edit books in ePub format. Now what does it have to offer... Full Unicode support: everything you see in Sigil is in UTF-16; Full EPUB spec support; WYSIWYG editing; Multiple Views: Book View, Code View and Split View; Metadata editor...

AI score 7
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-33003

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 8.7 | EPSS 0.00233
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-25232

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.5 | EPSS 0.0018
Exploits: 2 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-4523

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 9.1 | EPSS 0.00125
Exploits: 1 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-59272

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 9 | EPSS 0.00344
Exploits: 2 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-25036

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.5 | EPSS 0.00209
Exploits: 1 | References: 1
Snyk
added 2025/09/22 3:40 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: ammonia is a whitelist-based HTML sanitization library. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the cleaning process when handling embedded svg or math tags. An attacker can execute arbitrary scripts in the context of the affected application by...

CVSS 6.3 | AI score 5.5
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/23 12:33 a.m. | 3 views

CVE-2022-4022

The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...

CVSS 6.4 | AI score 7 | EPSS 0.00162
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:12 p.m. | 4 views

CVE-2022-1755

The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...

CVSS 5.4 | AI score 6.2 | EPSS 0.00209
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 9:5 p.m. | 3 views

CVE-2021-24686

The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | AI score 6 | EPSS 0.00206
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/17 9:4 p.m. | 8 views

CVE-2023-7088

The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

CVSS 5.4 | AI score 6 | EPSS 0.00344
Exploits: 2 | References: 3
Cvelist
added 2025/05/15 8:9 p.m. | 23 views

CVE-2023-7088 Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Author+ Stored XSS via SVG

The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

EPSS 0.00344
Exploits: 2 | References: 1
Vulnrichment
added 2025/05/15 8:9 p.m. | 11 views

CVE-2023-7088 Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Author+ Stored XSS via SVG

The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

AI score 6.2 | EPSS 0.00344
Exploits: 2 | References: 1
Patchstack
added 2025/03/25 12:40 a.m. | 1 views

WordPress Your Simple SVG Support plugin <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin Your Simple SVG Support versions <= 1.0.1...

CVSS 6.4 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2025/03/25 12:0 a.m. | 1 views

WordPress plugin Your Simple SVG Support cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin Your...

CVSS 6.4 | AI score 7.8 | EPSS 0.0019
Exploits: 0 | References: 7
Patchstack
added 2025/02/24 11:47 p.m. | 2 views

WordPress SVG Support plugin <= 2.5.8 - Stored Cross-Site Scripting via Vulnerability Dependency vulnerability

Stored Cross-Site Scripting via Vulnerability Dependency vulnerability discovered by WordFence in WordPress Plugin SVG Support versions <= 2.5.8...

CVSS 6.2 | AI score 5.7 | EPSS 0.00179
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/02/23 2:21 p.m. | 7 views

CVE-2024-10222

The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, t...

CVSS 6.4 | AI score 5.8 | EPSS 0.00125
Exploits: 1 | References: 1
OSV
added 2025/02/21 2:15 p.m. | 5 views

CVE-2024-10222

The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, t...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 4