3 matches found
CVE-2023-4460 Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG
The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-4460 Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG
The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-4460
CVE-2023-4460 affects the WordPress plugin “Uploading SVG, WEBP and ICO files” up to version 1.2.1. The root cause is lack of sanitisation of uploaded SVG files, enabling stored cross-site scripting (XSS) when a user with as little as Author privileges uploads an SVG containing malicious payloads...