exploitDog

CVE-2023-4460

Опубликовано: 04 дек. 2023

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

EPSS Низкий

Описание

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

Ссылки

https://wpscan.com/vulnerability/82f8d425-449a-471f-94df-8439924fd628
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/82f8d425-449a-471f-94df-8439924fd628
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:uploading_svg\,_webp_and_ico_files_project:uploading_svg\,_webp_and_ico_files:*:*:*:*:*:wordpress:*:*

Версия до 1.2.1 (включая)

EPSS

Процентиль: 91%

0.07298

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-5w5f-8x6p-gxf4

CVSS3: 5.4

github

около 2 лет назад

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

EPSS

Процентиль: 91%

0.07298

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79