Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-974v-472p-48vr

Опубликовано: 05 дек. 2025
Источник: github
Github: Не прошло ревью
CVSS3: 6.4

Описание

The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Ссылки

EPSS

Процентиль: 2%
0.00014
Низкий

6.4 Medium

CVSS3

CVE ID

CVE-2025-12163

Дефекты

CWE-434

Связанные уязвимости

nvd логотип

CVE-2025-12163

CVSS3: 6.4
nvd
2 месяца назад

The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

EPSS

Процентиль: 2%
0.00014
Низкий

6.4 Medium

CVSS3

CVE ID

CVE-2025-12163

Дефекты

CWE-434