5 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-34009

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.6, EPSS 0.00523
Exploits: 2, References: 1
wpexploit
added 2024/06/04 12:0 a.m., 140 views

Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload

Description: The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

1. As an admin, enable SVG uploads at https://example.com/wp-admin/options-general.php?page=mime-types-extended
2. As an author,...

AI score 6.1, EPSS 0.0035
Exploits: 2
NVD
added 2023/07/10 4:15 p.m., 22 views

CVE-2023-2529

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

CVSS 5.4, AI score 5.3, EPSS 0.00523
Exploits: 2, References: 1
CVE
added 2023/07/10 12:40 p.m., 39 views

CVE-2023-2529

CVE-2023-2529 concerns the WordPress plugin Enable SVG Uploads (<= 2.1.5). The issue is that uploaded SVGs are not sanitized, allowing a user with as little as Author privileges to upload an SVG containing an XSS payload. Reported details describe a stored XSS via SVG, with the vulnerable vers...

CVSS 5.4, AI score 5.6, EPSS 0.00523
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2023/07/10 12:40 p.m., 23 views

CVE-2023-2529 Enable SVG Uploads <= 2.1.5 - Author+ Stored XSS via SVG

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

AI score 5.5, EPSS 0.00523
Exploits: 2, References: 1