12 matches found
CVE-2024-4272
The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG with malicious JavaScript to conduct Stored XSS attacks...
CVE-2024-11091
The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-11091 Support SVG – Upload svg files in wordpress without hassle <= 1.1.0 - Authenticated (Author+) Stored Cross-site Scripting via SVG File Upload
The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin Support SVG cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress Support SVG <= 1.1.0 - Authenticated (Author+) Stored Cross-site Scripting via SVG File Upload vulnerability
Authenticated (Author+) Stored Cross-site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Support SVG versions <= 1.1.0...
WordPress Support SVG Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Support SVG; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: 1.1.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11091; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 7d70333b5396; Credits: Francesco Carlucci; Required...
WordPress Support SVG Plugin < 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Support SVG; Type: Plugin; Vulnerable versions: < 1.1.0; Fixed in: 1.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4272; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 9c36e42fd0ca; Credits: Rayhan Ramdhany Hanaputra...
CVE-2024-4272
The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG with malicious JavaScript to conduct Stored XSS attacks...
CVE-2024-4272
CVE-2024-4272 affects the WordPress plugin Support SVG (versions before 1.1.0). The issue: SVG file contents are not sanitized, enabling users with at least the author role to upload SVGs that can execute malicious JavaScript, leading to Stored XSS. Connected sources corroborate the vulnerability...
PT-2024-30114 · WordPress · Support Svg Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Support SVG WordPress plugin versions prior to 1.1.0 Description: The issue allows users with at least the author role to upload SVG files containing malicious JavaScript, leading to Stored XSS attacks. This is due to the lack of...
PT-2023-32114 · WordPress · Cits Support Svg
Name of the Vulnerable Software and Affected Versions: CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin versions prior to 3.0 Description: The issue concerns the failure to sanitise uploaded SVG files, potentially allowing users with a role as low as Author to upload maliciou...
WordPress cits-support-svg-webp-media-upload Plugin < 3.0 is vulnerable to Cross Site Scripting (XSS)
Software: cits-support-svg-webp-media-upload; Type: Plugin; Vulnerable versions: < 3.0; Fixed in: 3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5458; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: c76219dcef8a; Credits: Bob Matyas...