GHSA-rvg8-5pwj-4mc5

Published: 22 Sep 2025
Source: github
Github: Not reviewed
CVSS3: 4.7

Description

The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads

EPSS

Percentile: 22%
0.00073
Low

4.7 Medium

CVSS3

Related vulnerabilities

CVSS3: 4.7
nvd
5 months ago

The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads

EPSS

Percentile: 22%
0.00073
Low

4.7 Medium

CVSS3