5 matches found
CVE-2023-2529
The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-2529
The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-2529 Enable SVG Uploads <= 2.1.5 - Author+ Stored XSS via SVG
The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-2529
CVE-2023-2529 concerns the WordPress plugin Enable SVG Uploads (<= 2.1.5). The issue is that uploaded SVGs are not sanitized, allowing a user with as little as Author privileges to upload an SVG containing an XSS payload. Reported details describe a stored XSS via SVG, with the vulnerable vers...
WordPress Enable SVG Uploads Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
Software Enable SVG Uploads Type Plugin Vulnerable versions = 2.1.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2529 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 30a7df5e4d4a Credits Mateus Machado Tesser...