4 matches found
CVE-2024-12574
creationtimestamp| type| source ---|---|--- 2024-12-13 04:33:07+00:00| seen| https://infosec.exchange/users/cve/statuses/113643643641302838 2024-12-13 04:36:22+00:00| seen| https://infosec.exchange/users/cve/statuses/113643656425958830 2024-12-13 07:24:09+00:00| seen| https://t.me/cvedetector/128...
CVE-2024-12574 SVG Shortcode <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-12574 SVG Shortcode <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-12574
CVE-2024-12574 concerns the WordPress plugin SVG Shortcode. The description in the initial document states it is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to and including 1.0.1, caused by insufficient input sanitization and output escaping. Connected docum...