7 matches found
CVE-2025-13069 Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass
The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.3. This is due to insufficient file type validation detecting ICO files, allowing double extension files with the appropriate magic bytes to bypass sanitizati...
WordPress cits-support-svg-webp-media-upload plugin <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion vulnerability
Cross-Site Request Forgery to Font Assignment Deletion vulnerability discovered by luckybuddy in WordPress Plugin cits-support-svg-webp-media-upload versions = 4.2...
CVE-2023-4460 Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG
The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-4460 Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG
The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
WordPress cits-support-svg-webp-media-upload Plugin < 3.0 is vulnerable to Cross Site Scripting (XSS)
Software cits-support-svg-webp-media-upload Type Plugin Vulnerable versions 3.0 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5458 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c76219dcef8a Credits Bob Matyas...
CVE-2022-36285
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin = 1.0.1 at WordPress...
CVE-2022-36285 WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin = 1.0.1 at WordPress...