4 matches found
CVE-2024-4270
The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...
CVE-2024-4270
CVE-2024-4270 — SVGMagic WordPress plugin (<= 1.1) The vulnerability stems from the plugin not sanitizing SVG file contents, enabling an attacker with at least the author role to upload SVGs containing malicious JavaScript that can trigger Stored XSS. The issue is rooted in insufficient input ...
CVE-2024-4270 SVGMagic <= 1.1 - Stored XSS via SVG Upload
The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...
CVE-2024-4270 SVGMagic <= 1.1 - Stored XSS via SVG Upload
The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...