4 matches found
CVE-2024-4269
The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...
CVE-2024-4269 SVG Block < 1.1.20 - Author+ Stored XSS via SVG File Upload
The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...
CVE-2024-4269 SVG Block < 1.1.20 - Author+ Stored XSS via SVG File Upload
The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...
CVE-2024-4269
CVE-2024-4269 affects the WordPress plugin SVG Block, with versions prior to 1.1.20 not sanitizing SVG contents, enabling stored XSS via SVG uploads by users with author-level privileges. A fix is available in version 1.1.20 or later; multiple sources (NVD, Patchstack) confirm the stored XSS via ...