PT-2023-20014 · WordPress · Enable Svg Uploads
Mateus Machado Tesser
·
Publicado
2023-07-10
·
Atualizado
2023-07-17
·
CVE-2023-2529
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Enable SVG Uploads WordPress plugin versions 2.1.5 and earlier
Description
The issue concerns the Enable SVG Uploads WordPress plugin, which fails to properly sanitise uploaded SVG files. This could potentially allow users with a role as low as Author to upload malicious SVG files containing XSS payloads.
Recommendations
For Enable SVG Uploads WordPress plugin versions 2.1.5 and earlier, update to a version that properly sanitises uploaded SVG files to prevent the upload of malicious content.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Enable Svg Uploads