CVE-2024-11093

Name of the Vulnerable Software and Affected Versions SG Helper plugin for WordPress version 1.0

Description The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with Administrator-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Recommendations For version 1.0, consider disabling the SVG file upload feature until a patch is available to prevent exploitation. Restrict access to the vulnerable plugin to minimize the risk of arbitrary web script injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.