wpvulndb
Rayhan Ramdhany Hanaputra
WPVDB-ID:C1FE0BC7-A340-428E-A549-1E37291BEA1C
May 24, 2024 - 12:00 a.m.

SVGator <= 1.2.6 - Stored XSS via SVG Upload

wpscan.com
svgator
stored xss
unfiltered upload

AI Score: 5.5 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Description

The plugin does not sanitize SVG file contents, which allows users with at least the Author role to upload SVG files containing malicious JavaScript and conduct Stored XSS attacks.

PoC

1. Create an SVG file with the malicious payload within it. Example SVG file: https://github.com/codesecure-org/xss-svg/blob/main/1.svg?short_path=97b023c
2. As a user with the Author role, go to the “Media” page and upload the SVG file.
3. Access the uploaded file directly.
4. You will see the XSS.
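The missing control named in the Description is inspection of the SVG's contents before it is stored. The following is an added example, not code from the plugin or from the advisory: a server-side check that lists the active content found in an uploaded SVG so the upload can be rejected. The names `svg_findings` and `SAMPLES` are introduced here, and the sample files are constructed with inert bodies.

```python
import re
import xml.etree.ElementTree as ET

# Elements that run or embed active content when the SVG is opened directly.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

def local(name: str) -> str:
    """Drop the XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list[str]:
    """Return the reasons to reject an uploaded SVG; an empty list means none found."""
    # Refuse DTDs outright so entity declarations never reach the parser.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["DTD or entity declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = local(name)
            # Browsers ignore whitespace and control characters inside a URL scheme.
            compact = re.sub(r"[\x00-\x20]", "", value).lower()
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{tag}>")
            elif "javascript:" in compact:
                findings.append(f"javascript: URL in {attr} on <{tag}>")
            elif attr == "href" and compact.startswith("data:"):
                findings.append(f"data: URL in href on <{tag}>")  # strict policy
    return findings

# Constructed samples with inert bodies, not taken from the advisory's PoC file.
SVG_NS = b'xmlns="http://www.w3.org/2000/svg"'
SAMPLES = {
    "clean": b"<svg " + SVG_NS + b'><circle r="4"/></svg>',
    "script": b"<svg " + SVG_NS + b"><script>/* inert */</script></svg>",
    "handler": b"<svg " + SVG_NS + b' onload="void 0"/>',
    "link": b"<svg " + SVG_NS + b'><a href="java&#9;script:void(0)"/></svg>',
}

if __name__ == "__main__":
    for label, svg in SAMPLES.items():
        print(label, svg_findings(svg))
```

A non-empty result is a reason to refuse the upload. Serving stored SVGs with `Content-Disposition: attachment` or a restrictive `Content-Security-Policy` header limits the impact of anything the check misses when the file is accessed directly.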
