6 matches found
CVE-2024-4272
The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to upload SVGs with malicious JavaScript to conduct Stored XSS attacks...
CVE-2024-11091 Support SVG – Upload svg files in wordpress without hassle <= 1.1.0 - Authenticated (Author+) Stored Cross-site Scripting via SVG File Upload
The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Support SVG Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Support SVG; Type: Plugin; Vulnerable versions: = 1.1.0; Fixed in: 1.1.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11091; Patch priority: Low; CVSS severity: Low (5.9); PSID: 7d70333b5396; Credits: Francesco Carlucci; Required...
WordPress Support SVG Plugin < 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Support SVG; Type: Plugin; Vulnerable versions: 1.1.0; Fixed in: 1.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4272; Patch priority: Low; CVSS severity: Low (5.9); PSID: 9c36e42fd0ca; Credits: Rayhan Ramdhany Hanaputra...
CVE-2024-4272
The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to upload SVGs with malicious JavaScript to conduct Stored XSS attacks...
CVE-2024-4272
CVE-2024-4272 affects the WordPress plugin Support SVG (versions before 1.1.0). The issue: SVG file contents are not sanitized, enabling users with at least the author role to upload SVGs that can execute malicious JavaScript, leading to Stored XSS. Connected sources corroborate the vulnerability...