Описание
The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:allow_svg_files_project:allow_svg_files:1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:allow_svg_files_project:allow_svg_files:1.1:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 40%
0.00181
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads
EPSS
Процентиль: 40%
0.00181
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79