Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2025/11/18 9:27 a.m.6 views

CVE-2025-13069 Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass

The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.3. This is due to insufficient file type validation detecting ICO files, allowing double extension files with the appropriate magic bytes to bypass sanitizati...

8.8CVSS6.5AI score0.00562EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/03/21 9:0 p.m.5 views

WordPress cits-support-svg-webp-media-upload plugin <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion vulnerability

Cross-Site Request Forgery to Font Assignment Deletion vulnerability discovered by luckybuddy in WordPress Plugin cits-support-svg-webp-media-upload versions = 4.2...

4.3CVSS8.7AI score0.00139EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/04 9:28 p.m.20 views

CVE-2023-4460 Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

6AI score0.00932EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/12/04 9:28 p.m.24 views

CVE-2023-4460 Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.5AI score0.00932EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/10/11 12:0 a.m.19 views

WordPress cits-support-svg-webp-media-upload Plugin < 3.0 is vulnerable to Cross Site Scripting (XSS)

Software cits-support-svg-webp-media-upload Type Plugin Vulnerable versions 3.0 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5458 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c76219dcef8a Credits Bob Matyas...

5.4CVSS5.7AI score0.0039EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2022/08/23 4:15 p.m.3 views

CVE-2022-36285

Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin = 1.0.1 at WordPress...

7.2CVSS5.8AI score0.00946EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/08/23 3:48 p.m.6 views

CVE-2022-36285 WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin = 1.0.1 at WordPress...

7.2CVSS7AI score0.00946EPSS
Exploits0References2
Rows per page
Query Builder