3 matches found
WordPress Support SVG Plugin < 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software Support SVG Type Plugin Vulnerable versions 1.1.0 Fixed in 1.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4272 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9c36e42fd0ca Credits Rayhan Ramdhany Hanaputra...
CVE-2024-4272 Support SVG < 1.1.0 - Stored XSS via SVG Upload
The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...
CVE-2024-4272 Support SVG < 1.1.0 - Stored XSS via SVG Upload
The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...