Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/05/23 3:25 a.m.7 views

CVE-2023-2529

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.4CVSS5.9AI score0.00544EPSS
Exploits2References1
nvd
nvd
added 2023/07/10 4:15 p.m.22 views

CVE-2023-2529

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.4CVSS5.3AI score0.00544EPSS
Exploits2References1
cvelist
cvelist
added 2023/07/10 12:40 p.m.28 views

CVE-2023-2529 Enable SVG Uploads <= 2.1.5 - Author+ Stored XSS via SVG

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.5AI score0.00544EPSS
Exploits2References1
cve
cve
added 2023/07/10 12:40 p.m.39 views

CVE-2023-2529

CVE-2023-2529 concerns the WordPress plugin Enable SVG Uploads (&lt;= 2.1.5). The issue is that uploaded SVGs are not sanitized, allowing a user with as little as Author privileges to upload an SVG containing an XSS payload. Reported details describe a stored XSS via SVG, with the vulnerable vers...

5.4CVSS5.6AI score0.00544EPSS
Exploits2References1Affected Software1
patchstack
patchstack
added 2023/06/21 12:0 a.m.13 views

WordPress Enable SVG Uploads Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Enable SVG Uploads Type Plugin Vulnerable versions = 2.1.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2529 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 30a7df5e4d4a Credits Mateus Machado Tesser...

5.4CVSS5.7AI score0.00544EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder