exploitDog

CVE-2023-2529

Опубликовано: 10 июл. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

Ссылки

https://wpscan.com/vulnerability/4ac03907-2373-48f0-bca1-8f7073c06b18
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/4ac03907-2373-48f0-bca1-8f7073c06b18
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:*:*:*:*:*:wordpress:*:*

Версия до 2.1.5 (включая)

EPSS

Процентиль: 29%

0.00107

Низкий

5.4 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-4mxm-g64v-4969

CVSS3: 5.4

github

больше 2 лет назад

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

EPSS

Процентиль: 29%

0.00107

Низкий

5.4 Medium

CVSS3

Дефекты