Lucene search
+L

73 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:14 a.m.6 views

CVE-2024-9850

The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, t...

6.4CVSS5AI score0.00332EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/18 8:21 a.m.4 views

CVE-2025-3056 Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

5.4CVSS5.6AI score0.00319EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/11 12:0 a.m.6 views

WordPress plugin Z Companion 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.4CVSS6.6AI score0.00317EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.5 views

WordPress plugin Ayyash Studio The kick-start kit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Ayyash Studio The kick-start kit 1.0.3 an...

6.4CVSS7.6AI score0.00273EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/18 12:0 a.m.5 views

Contao 跨站脚本漏洞

Contao is Contao open source a set of open source content management system CMS developed using PHP. The system supports search engines, rights management, and CSS frameworks. Contao suffers from a cross-site scripting vulnerability that stems from the fact that users can upload SVG files...

5.4CVSS6.3AI score0.00203EPSS
Exploits0References4
Snyk
Snyk
added 2025/02/21 10:14 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper handling of SVG uploads. An attacker can inject malicious scripts and potentially redirect users to malicious websites by uploading specially crafted SVG files. Details Cross-site scripting or XS...

6.1CVSS5.3AI score
Exploits0References2
OSV
OSV
added 2025/02/21 4:15 a.m.2 views

CVE-2024-13379

The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

5.4CVSS5.9AI score
Exploits0References4
Patchstack
Patchstack
added 2025/01/30 8:8 a.m.6 views

WordPress GoodLayers Core plugin < 2.1.3 - Subscriber+ Stored XSS via SVG Upload vulnerability

Subscriber+ Stored XSS via SVG Upload vulnerability discovered by Amine SAJID in WordPress Plugin Goodlayers Core versions 2.1.3...

6.5CVSS6AI score0.00263EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/20 12:0 a.m.5 views

PT-2024-39722 · WordPress · Wp Shapes

Name of the Vulnerable Software and Affected Versions: WP SHAPES plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS8.4AI score0.00276EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.10 views

PT-2024-16752 · WordPress · The Support Svg – Upload Svg Files In Wordpress Without Hassle

Name of the Vulnerable Software and Affected Versions: The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input...

6.4CVSS6.2AI score0.00391EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.6 views

PT-2024-10981 · Chatwoot · Chatwoot

Name of the Vulnerable Software and Affected Versions: chatwoot/chatwoot versions prior to 2.6 Description: A stored cross-site scripting XSS vulnerability was discovered, affecting the profile settings when a user uploads an SVG file containing a malicious XSS payload. When the avatar is opened ...

7.8CVSS6.9AI score0.00285EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.15 views

PT-2024-15977 · WordPress · Pjw Mime Config

Name of the Vulnerable Software and Affected Versions: PJW Mime Config plugin for WordPress version 1.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers...

6.4CVSS8AI score0.0032EPSS
Exploits0References7
OSV
OSV
added 2024/10/18 11:15 a.m.3 views

CVE-2024-9674

The Debrandify · Remove or Replace WordPress Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4CVSS5.9AI score0.00288EPSS
Exploits0References3
OSV
OSV
added 2024/10/18 5:15 a.m.4 views

CVE-2024-9373

The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

5.4CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2024/10/10 2:15 a.m.3 views

CVE-2024-9072

The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00295EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.5 views

PT-2024-39399 · WordPress · Elementor Inline Svg

Name of the Vulnerable Software and Affected Versions: Elementor Inline SVG plugin for WordPress version 1.2.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS5.8AI score0.00271EPSS
Exploits0References7
OSV
OSV
added 2024/10/04 10:15 a.m.8 views

CVE-2024-9271

The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to injec...

5.4CVSS5.9AI score0.00296EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.6 views

PT-2024-39470 · WordPress · Demo Importer Plus

Name of the Vulnerable Software and Affected Versions: Demo Importer Plus plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6.2AI score0.00303EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.5 views

PT-2024-39527 · WordPress · Relogo

Name of the Vulnerable Software and Affected Versions: Relogo plugin for WordPress versions up to, and including, 0.4.2 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS6.2AI score0.00267EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.10 views

PT-2024-37875 · WordPress · Jeg Elementor Kit

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.7 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6AI score0.00366EPSS
Exploits0References10
Rows per page
Query Builder