Описание
The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability.
EPSS
Процентиль: 18%
0.00059
Низкий
4.3 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 4.3
github
4 месяца назад
The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability.
EPSS
Процентиль: 18%
0.00059
Низкий
4.3 Medium
CVSS3