CVE-2024-11644

Name of the Vulnerable Software and Affected Versions WP-SVG WordPress plugin versions 0.9 and prior

Description The issue concerns the WP-SVG WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Recommendations For WP-SVG WordPress plugin versions 0.9 and prior, as a temporary workaround, consider disabling the use of shortcode attributes until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.