wpvulndb | Mateus Machado Tesser | WPVDB-ID: 4AC03907-2373-48F0-BCA1-8F7073C06B18
History: Jun 19, 2023 - 12:00 a.m.

Enable SVG Uploads <= 2.1.5 - Author+ Stored XSS via SVG

Published 2023-06-19 00:00:00 by Mateus Machado Tesser (wpscan.com)

Tags: svg uploads, version 2.1.5, author role, stored xss, sanitization

EPSS: 0.001 (Low), percentile 19.6%

The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PoC

1. Upload a malicious SVG:
2. Add it to a post and view the SVG to see the XSS.
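As an added defender-side example (not from the advisory, and not the plugin's own code): a Python upload check that rejects SVG files carrying the elements and attributes through which stored XSS via SVG is delivered. The function name, the denylist and the two sample SVGs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that have no business in an image asset (constructed denylist for
# illustration; a production sanitizer should allow-list elements instead).
FORBIDDEN_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# URL schemes that execute code when followed from an <a> or <use> href.
SCRIPT_SCHEME = re.compile(r"^\s*(javascript|vbscript)\s*:", re.IGNORECASE)


def _local(qualified):
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return qualified.rsplit("}", 1)[-1]


def find_svg_issues(svg_bytes):
    """Return a list of findings for an uploaded SVG; an empty list means it passed."""
    # Entity declarations are a DoS/XXE vector, not something an image needs.
    if b"<!DOCTYPE" in svg_bytes or b"<!ENTITY" in svg_bytes:
        return ["DOCTYPE/ENTITY declarations are not allowed"]
    try:
        root = ET.fromstring(svg_bytes)  # stdlib expat: no external entity fetching
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    issues = []
    if _local(root.tag) != "svg":
        issues.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():  # document order, depth first
        tag = _local(el.tag)
        if tag in FORBIDDEN_TAGS:
            issues.append(f"forbidden element <{tag}>")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.lower().startswith("on"):  # onload, onclick, ...
                issues.append(f"event handler attribute {name} on <{tag}>")
            elif name == "href" and SCRIPT_SCHEME.match(value):  # href / xlink:href
                issues.append(f"script URL in href on <{tag}>")
    return issues


# Constructed sample uploads (not taken from the advisory).
CLEAN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
             b'<circle cx="5" cy="5" r="4" fill="teal"/></svg>')
HOSTILE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
               b'<script>alert(1)</script>'
               b'<a href="javascript:alert(1)">'
               b'<rect width="5" height="5" onload="alert(1)"/></a></svg>')

if __name__ == "__main__":
    print(find_svg_issues(CLEAN_SVG))    # []
    print(find_svg_issues(HOSTILE_SVG))  # three findings: script, href, onload
```

Running the check before the file is written to the uploads directory, and again on the stored file, is the point: once the SVG is served from the site's origin, the browser treats its scripts as the site's own.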

CPE

Name               | Operator | Version
enable-svg-uploads | eq       | *
