5 matches found
CVE-2022-34648
Authenticated author+ Stored Cross-Site Scripting XSS vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin = 1.0.1 at WordPress...
CVE-2022-34648
Authenticated author+ Stored Cross-Site Scripting XSS vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin = 1.0.1 at WordPress...
CVE-2022-34648 WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated author+ Stored Cross-Site Scripting XSS vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin = 1.0.1 at WordPress...
CVE-2022-34648 WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated author+ Stored Cross-Site Scripting XSS vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin = 1.0.1 at WordPress...
CVE-2022-34648
The CVE-2022-34648 entry affects the dmitrylitvinov Uploading SVG, WEBP and ICO files plugin for WordPress (versions ≤ 1.0.1). The root cause is an authenticated Stored XSS vulnerability introduced by allowing upload of SVG, WEBP, and ICO files; an author+ user can trigger stored scripts, leading...