Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbAfeefWPVDB-ID:E9B48B19-14CC-41AD-A029-F7F9AE236E4E
HistoryJun 14, 2021 - 12:00 a.m.

WP SVG Images < 3.4 - Authenticated (author+) Stored XSS via SVG

2021-06-1400:00:00
Afeef
wpscan.com
7

0.001 Low

EPSS

Percentile

25.0%

JSON

The plugin did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to editors and admin, with an option to also allow author to do so. The description of the plugin has also been updated with a security warning as upload of such content is intended.

PoC

As an author, upload a malicious SVG and then access it directly (ie https://example.com/wp-content/uploads/2021/06/xss.svg) to trigger the XSS

CPENameOperatorVersion
wp-svg-imageslt3.4

Related

nvd 1
cvelist 1
wpexploit 1
prion 1
cve 1
patchstack 1
nvd
nvd
CVE-2021-24386
2021-07-06 11:15:08
cvelist
cvelist
CVE-2021-24386 WP SVG Images < 3.4 - Authenticated (author+) Stored XSS via SVG
2021-07-06 11:03:28
wpexploit
wpexploit
WP SVG Images < 3.4 - Authenticated (author+) Stored XSS via SVG
2021-06-14 00:00:00
prion
prion
Design/Logic Flaw
2021-07-06 11:15:00
cve
cve
CVE-2021-24386
2021-07-06 11:15:08
patchstack
patchstack
WordPress WP SVG images plugin <= 3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via uploaded SVG file
2021-06-14 00:00:00

0.001 Low

EPSS

Percentile

25.0%

JSON
Related for WPVDB-ID:E9B48B19-14CC-41AD-A029-F7F9AE236E4E
nvd1cvelist1wpexploit1prion1cve1patchstack1