4 matches found
WordPress Easy SVG Support plugin <= 3.2.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via SVG
Authenticated Stored Cross-Site Scripting XSS vulnerability via SVG discovered by Luan Pedersini in WordPress Easy SVG Support plugin versions = 3.2.0. Solution Update the WordPress Easy SVG Support plugin to the latest available version at least 3.3.0...
WordPress Allow svg files plugin <= 1.0 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Luan Pedersini in WordPress Allow svg files plugin versions = 1.0. Solution Update the WordPress Allow svg files plugin to the latest available version at least 1.1...
WordPress Enable SVG plugin <= 1.3.1 - Stored Cross-Site Scripting (XSS) vulnerability via SVG
Stored Cross-Site Scripting XSS vulnerability via SVG discovered by Luan Pedersini in WordPress Enable SVG plugin versions = 1.3.1. Solution Update the WordPress Enable SVG plugin to the latest available version at least 1.4.0...
WordPress External Media without Import plugin <= 1.1.2 - Server-Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability discovered by Luan Pedersini in WordPress External Media without Import plugin versions = 1.1.2. Solution Deactivate and delete. This plugin has been closed as of March 28, 2022 and is not available for download. This closure is temporary, pending a...