
17 matches found

CNNVD
added 2025/11/18 12:0 a.m., 1 view

WordPress plugin Enable SVG, WebP, and ICO Upload code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blogs on PHP and MySQL-based servers. A co...

8.8 CVSS, 6.8 AI score, 0.0008 EPSS
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-34009

Malicious code in bioql PyPI...

5.4 CVSS, 6.6 AI score, 0.00135 EPSS
Exploits 2, References 1

OSV
added 2025/01/02 6:30 a.m., 2 views

GHSA-J77F-79W9-RGHC The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded

The wp-enable-svg WordPress plugin through 0.2 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts...

4.8 CVSS, 5.5 AI score, 0.00306 EPSS
Exploits 1, References 3

GitHub Security Blog
added 2025/01/02 6:30 a.m., 6 views

The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded

The wp-enable-svg WordPress plugin through 0.2 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts...

4.8 CVSS, 6.8 AI score, 0.00306 EPSS
Exploits 1, References 3, Affected Software 1

wpexploit
added 2024/06/04 12:0 a.m., 133 views

Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload

Description: The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. 1. As an admin, enable SVG uploads at https://example.com/wp-admin/options-general.php?page=mime-types-extended 2. As an author,...

6.1 AI score, 0.00125 EPSS
Exploits 2

NVD
added 2023/07/17 2:15 p.m., 10 views

CVE-2023-2143

The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability...

5.4 CVSS, 0.00216 EPSS
Exploits 1, References 1

CVE
added 2023/07/17 1:29 p.m., 44 views

CVE-2023-2143

The CVE-2023-2143 entry concerns the WordPress plugin Enable SVG, WebP & ICO Upload (versions up to 1.0.3). Root cause: the plugin does not sanitize SVG contents, enabling Cross-Site Scripting. Impact is Cross-Site Scripting as described in multiple trusted sources. Exploitation details are not p...

5.4 CVSS, 5.5 AI score, 0.00216 EPSS
Exploits 1, References 1, Affected Software 1

Vulnrichment
added 2023/07/17 1:29 p.m., 15 views

CVE-2023-2143 Enable SVG, WebP & ICO Upload <= 1.0.3 - Author+ Stored XSS

The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability...

6.2 AI score, 0.00216 EPSS
Exploits 1, References 1

NVD
added 2023/07/10 4:15 p.m., 10 views

CVE-2023-2529

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.4 CVSS, 5.3 AI score, 0.00135 EPSS
Exploits 2, References 1

CVE
added 2023/07/10 12:40 p.m., 35 views

CVE-2023-2529

CVE-2023-2529 concerns the WordPress plugin Enable SVG Uploads (<= 2.1.5). The issue is that uploaded SVGs are not sanitized, allowing a user with as little as Author privileges to upload an SVG containing an XSS payload. Reported details describe a stored XSS via SVG, with the vulnerable vers...

5.4 CVSS, 5.6 AI score, 0.00135 EPSS
Exploits 2, References 1, Affected Software 1

Cvelist
added 2023/07/10 12:40 p.m., 12 views

CVE-2023-2529 Enable SVG Uploads <= 2.1.5 - Author+ Stored XSS via SVG

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.5 AI score, 0.00135 EPSS
Exploits 2, References 1

NVD
added 2022/08/01 2:15 p.m., 10 views

CVE-2022-36343

Authenticated author or higher user role Stored Cross-Site Scripting XSS vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin = 1.0.1 at WordPress...

5.4 CVSS, 0.00167 EPSS
Exploits 0, References 2

Patchstack
added 2022/08/01 12:0 a.m., 43 views

WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.3 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by Kim Jong Min aka Universe Patchstack Alliance in WordPress Enable SVG, WebP & ICO Upload plugin versions <= 1.0.3. Solution: No patched version available...

8.8 CVSS, 3.4 AI score, 0.00994 EPSS
Exploits 0, Affected Software 1

ATTACKERKB
added 2022/05/30 9:15 a.m., 3 views

CVE-2022-1562

The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.4 CVSS, 6 AI score, 0.0018 EPSS
Exploits 2, References 2

OSV
added 2022/05/30 9:15 a.m., 2 views

CVE-2022-1562

The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.4 CVSS, 6.1 AI score, 0.0018 EPSS
Exploits 2, References 1

CNNVD
added 2022/05/30 12:0 a.m., 3 views

WordPress plugin Enable SVG cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Enable SVG plugin version 1.4.0 or earlier has a cross-site scripting vulnerability that...

5.4 CVSS, 5.3 AI score, 0.0018 EPSS
Exploits 2, References 2

Patchstack
added 2022/05/03 12:0 a.m., 19 views

WordPress Enable SVG plugin <= 1.3.1 - Stored Cross-Site Scripting (XSS) vulnerability via SVG

Stored Cross-Site Scripting (XSS) vulnerability via SVG discovered by Luan Pedersini in WordPress Enable SVG plugin versions <= 1.3.1. Solution: Update the WordPress Enable SVG plugin to the latest available version (at least 1.4.0)...

5.4 CVSS, 2.8 AI score, 0.0018 EPSS
Exploits 2, References 3, Affected Software 1