2040 matches found

OSV
added 2024/10/10 2:15 a.m. · 2 views

CVE-2024-9072

The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.4 · AI score 5.9 · EPSS 0.00278
Exploits 0 · References 2

OSV
added 2024/10/10 2:15 a.m. · 2 views

CVE-2024-9066

The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...

CVSS 5.4 · AI score 5.9 · EPSS 0.00239
Exploits 0 · References 2

OSV
added 2024/10/09 6:15 a.m. · 1 view

UBUNTU-CVE-2023-45872

An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service application crash if it is not actually an SVG document...

CVSS 6.5 · AI score 5.8 · EPSS 0.0008
Exploits 0 · References 3

Positive Technologies
added 2024/10/09 12:0 a.m. · 2 views

PT-2024-39646 · WordPress · Wp Builder

Name of the Vulnerable Software and Affected Versions: WP Builder plugin for WordPress versions up to, and including, 3.0.7
Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...

CVSS 6.4 · AI score 6 · EPSS 0.00157
Exploits 0 · References 6

Positive Technologies
added 2024/10/09 12:0 a.m. · 2 views

PT-2024-39399 · WordPress · Elementor Inline Svg

Name of the Vulnerable Software and Affected Versions: Elementor Inline SVG plugin for WordPress version 1.2.0 and earlier
Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...

CVSS 6.4 · AI score 5.8 · EPSS 0.00157
Exploits 0 · References 7

VulnCheck KEV
added 2024/10/09 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2024-37383

RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code...

CVSS 6.1 · AI score 5.7 · EPSS 0.64028
Exploits 5 · References 1

Patchstack
added 2024/10/08 2:59 a.m. · 3 views

WordPress Sirv plugin <= 7.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Sirv versions <= 7.2.9...

CVSS 6.4 · AI score 5.8 · EPSS 0.00363
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/10/07 12:31 a.m. · 1 view

WordPress WP Cleanup and Basic Functions plugin <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin WP Cleanup and Basic Functions versions <= 2.2.1...

CVSS 6.4 · AI score 5.8 · EPSS 0.00157
Exploits 0 · References 1 · Affected Software 1

ATTACKERKB
added 2024/10/04 7:15 p.m. · 1 view

CVE-2023-26771

Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading an SVG profile picture with an XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the...

CVSS 6.5 · AI score 5.9 · EPSS 0.00168
Exploits 1 · References 3

OSV
added 2024/10/04 10:15 a.m. · 3 views

CVE-2024-9271

The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to injec...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 3

OSV
added 2024/10/04 5:15 a.m. · 1 view

CVE-2024-9368

The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

CVSS 5.4 · AI score 5.9 · EPSS 0.00201
Exploits 0 · References 2

Positive Technologies
added 2024/10/04 12:0 a.m. · 5 views

PT-2024-12114 · Taskcafe · Taskcafe

Name of the Vulnerable Software and Affected Versions: Taskcafe version 0.3.2
Description: The issue is related to a lack of validation in the filetype when uploading an SVG profile picture with an XSS payload. An authenticated attacker can exploit this by uploading a malicious picture, which will...

CVSS 6.5 · AI score 5.5 · EPSS 0.00168
Exploits 1 · References 7

CNNVD
added 2024/10/04 12:0 a.m. · 2 views

WordPress plugin Re:WP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.4 · AI score 6.1 · EPSS 0.00233
Exploits 0 · References 4

CNNVD
added 2024/10/03 12:0 a.m. · 3 views

Sulu cross-site scripting vulnerability

Sulu is an extensible, PHP-based open source content management system built on the Symfony framework, from Sulu, Austria. A cross-site scripting vulnerability exists in Sulu that stems from allowing users to upload SVG files with a malicious payload...

CVSS 5.4 · AI score 6.2 · EPSS 0.01613
Exploits 0 · References 3

Positive Technologies
added 2024/10/03 12:0 a.m. · 2 views

PT-2024-39600 · WordPress · Wp Blocks Hub

Name of the Vulnerable Software and Affected Versions: WP Blocks Hub plugin for WordPress versions up to, and including, 1.0.2
Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticate...

CVSS 6.4 · AI score 6.3 · EPSS 0.00218
Exploits 0 · References 7

Positive Technologies
added 2024/10/03 12:0 a.m. · 5 views

PT-2024-32677 · Sulu · Sulu

Name of the Vulnerable Software and Affected Versions: Sulu versions 2.0.0 through 2.6.4
Description: Sulu, a PHP content management system, is vulnerable to XSS attacks. A low-privileged user with access to the "Media" section can upload an SVG file containing a malicious payload. Once uploaded...

CVSS 5.4 · AI score 6.3 · EPSS 0.01613
Exploits 0 · References 12

Patchstack
added 2024/10/02 12:45 a.m. · 2 views

WordPress PWA plugin <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin PWA versions <= 1.6.3...

CVSS 6.4 · AI score 5.8 · EPSS 0.00233
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/10/02 12:0 a.m. · 3 views

PT-2024-39470 · WordPress · Demo Importer Plus

Name of the Vulnerable Software and Affected Versions: Demo Importer Plus plugin for WordPress versions up to, and including, 2.0.1
Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

CVSS 6.4 · AI score 6.2 · EPSS 0.00233
Exploits 0 · References 11

Patchstack
added 2024/10/01 3:14 a.m. · 2 views

WordPress Relogo plugin <= 0.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Relogo versions <= 0.4.2...

CVSS 6.4 · AI score 5.8 · EPSS 0.00219
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/10/01 3:10 a.m. · 2 views

WordPress SVG Complete plugin <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin SVG Complete versions <= 1.0.2...

CVSS 6.4 · AI score 5.8 · EPSS 0.00219
Exploits 0 · References 1 · Affected Software 1