Lucene search
Rayhan Ramdhany HanaputraWPEX-ID:7A3B89CC-7A81-448A-94FC-36A7033609D5HistoryMay 24, 2024 - 12:00 a.m.
SVGMagic <= 1.1 - Stored XSS via SVG Upload
2024-05-2400:00:00
Rayhan Ramdhany Hanaputra
7
svgmagic 1.1
stored xss
svg upload
media page
author role
malicious payload
github
access
exploit
Description The plugin does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
1. Create a SVG file with the malicious payload within it; Example SVG file: https://github.com/codesecure-org/xss-svg/blob/main/1.svg?short_path=97b023c
2. As a user with the Author role, go to the "Media" page and upload the SVG file
3. Access the uploaded file directly
4. You will see the XSSRelated
vulnrichment
vulnrichment
CVE-2024-4270 SVGMagic <= 1.1 - Stored XSS via SVG Upload
2024-06-14 06:00:04
wpvulndb
wpvulndb
SVGMagic <= 1.1 - Stored XSS via SVG Upload
2024-05-24 00:00:00
cve
cve
CVE-2024-4270
2024-06-14 06:15:12
cvelist
cvelist
CVE-2024-4270 SVGMagic <= 1.1 - Stored XSS via SVG Upload
2024-06-14 06:00:04
nvd
nvd
CVE-2024-4270
2024-06-14 06:15:12
wordfence
wordfence
5.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for WPEX-ID:7A3B89CC-7A81-448A-94FC-36A7033609D5