WordPress WebP & SVG Support plugin <= 1.4.0 - Author+ Stored XSS via SVG vulnerability
Author+ Stored XSS via SVG vulnerability discovered by Bob Matyas, Rayhan Ramdhany Hanaputra in WordPress Plugin WebP & SVG Support versions <= 1.4.0...
CVE-2024-3633
CVE-2024-3633 affects the WordPress plugin WebP & SVG Support (versions ≤ 1.4.0). The issue is that uploaded SVG files are not sanitised, enabling a user with Author+ privileges to upload a malicious SVG containing XSS payloads. The CVSSv3 base score is 5.4 (Medium). The vulnerability is mitigate...
CVE-2024-3633 WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG
The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...