5 matches found
EUVD-2023-34009
Malicious code in bioql PyPI...
Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload
Description: The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. 1. As an admin, enable SVG uploads at https://example.com/wp-admin/options-general.php?page=mime-types-extended 2. As an author,...
CVE-2023-2529
The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-2529
CVE-2023-2529 concerns the WordPress plugin Enable SVG Uploads (<= 2.1.5). The issue is that uploaded SVGs are not sanitized, allowing a user with as little as Author privileges to upload an SVG containing an XSS payload. Reported details describe a stored XSS via SVG, with the vulnerable vers...
CVE-2023-2529 Enable SVG Uploads <= 2.1.5 - Author+ Stored XSS via SVG
The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...