Описание
The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded
The wp-enable-svg WordPress plugin through 0.2 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts
Пакеты
Наименование
mwdelaney/wp-enable-svg
composer
Затронутые версииВерсия исправления
<= 0.2
Отсутствует
Связанные уязвимости
CVSS3: 4.8
nvd
около 1 года назад
The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts