Hanz0X17

#12276of 53,632
22.2Total CVSS
Vulnerabilities · 4
Medium
4
PT-2024-30108
6.1
2024-07-13
WordPress · Svg Block · CVE-2024-4269
**Name of the Vulnerable Software and Affected Versions** SVG Block WordPress plugin versions prior to 1.1.20 **Description** The issue allows users with at least the author role to upload SVG files containing malicious JavaScript, enabling Stored XSS attacks due to the lack of sanitization of SVG file contents. **Recommendations** For versions prior to 1.1.20, update to version 1.1.20 or later to resolve the issue. As a temporary workaround, consider restricting the ability to upload SVG files to trusted users only until the update is applied.
PT-2024-30114
6.1
2024-07-13
WordPress · Support Svg Wordpress Plugin · CVE-2024-4272
**Name of the Vulnerable Software and Affected Versions** The Support SVG WordPress plugin versions prior to 1.1.0 **Description** The issue allows users with at least the author role to upload SVG files containing malicious JavaScript, leading to Stored XSS attacks. This is due to the lack of sanitization of SVG file contents. **Recommendations** For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability to upload SVG files to trusted users only until the update is applied.
PT-2024-30111
5.4
2024-06-14
WordPress · Svgmagic · CVE-2024-4270
**Name of the Vulnerable Software and Affected Versions** SVGMagic WordPress plugin versions 1.1 and earlier **Description** The issue allows users with at least the author role to upload SVG files containing malicious JavaScript, leading to Stored XSS attacks. This is due to the plugin not sanitizing SVG file contents. **Recommendations** For SVGMagic WordPress plugin versions 1.1 and earlier, update to a version that sanitizes SVG file contents to prevent Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-30112
4.6
2024-06-14
WordPress · Svgator · CVE-2024-4271
**Name of the Vulnerable Software and Affected Versions** SVGator WordPress plugin versions 1.2.6 and earlier **Description** The issue allows users with at least the author role to upload SVG files containing malicious JavaScript, enabling Stored XSS attacks due to the lack of sanitization of SVG file contents. **Recommendations** For SVGator WordPress plugin versions 1.2.6 and earlier, update to a version that sanitizes SVG file contents to prevent malicious JavaScript uploads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.