PT-2025-1629 · WordPress · Wp-Enable-Svg
Pierre Rudloff · Published 2025-01-02 · Updated 2025-06-24 · CVE-2024-11184
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
wp-enable-svg WordPress plugin versions 0.7 and earlier
wp-enable-svg WordPress plugin versions 0.2 and earlier
Description
The wp-enable-svg WordPress plugin does not sanitize SVG files on upload. Users with the Author role or higher can therefore upload SVG files containing malicious scripts, which execute in the browser of anyone who views the file (cross-site scripting).
Recommendations
For versions 0.7 and earlier, consider disabling SVG upload functionality until a patch is available.
For versions 0.2 and earlier, consider disabling SVG upload functionality until a patch is available.
As a temporary workaround, consider restricting access to the SVG upload feature to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
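The recommendation above, disabling SVG upload until a fix exists, can be applied without touching the vulnerable plugin by hooking WordPress's own upload filters. The snippet below is an added example written for this advisory; it is not code from the advisory or from the wp-enable-svg plugin. It assumes the plugin adds the SVG type through the standard `upload_mimes` filter, which is why the hooks run at a late priority (999) so they take effect after the plugin's own callbacks. Drop it in as a small mu-plugin (`wp-content/mu-plugins/`) so it cannot be deactivated from the admin UI.

```php
<?php
/**
 * Plugin Name: Block SVG uploads (temporary mitigation)
 * Description: Added example for PT-2025-1629 / CVE-2024-11184, not part of
 *              the advisory or of wp-enable-svg. Removes SVG from the allowed
 *              upload types and rejects SVG files by extension.
 */

// Step 1: strip svg/svgz from the allowed MIME map. Priority 999 is an
// assumption: it only needs to be later than the priority the plugin
// uses when it adds the type via the same 'upload_mimes' filter.
add_filter( 'upload_mimes', function ( array $mimes ): array {
    unset( $mimes['svg'], $mimes['svgz'] );
    return $mimes;
}, 999 );

// Step 2: belt and braces. Even if some other code re-adds the type,
// mark the detected ext/type as invalid so WordPress refuses the file.
// Filter signature: ( $wp_check_filetype_and_ext, $file, $filename, $mimes, $real_mime )
add_filter( 'wp_check_filetype_and_ext', function ( $data, $file, $filename, $mimes, $real_mime = null ) {
    $ext = strtolower( pathinfo( (string) $filename, PATHINFO_EXTENSION ) );
    if ( in_array( $ext, array( 'svg', 'svgz' ), true ) ) {
        $data['ext']  = false;
        $data['type'] = false;
    }
    return $data;
}, 999, 5 );

// Step 3: give the uploader a clear error instead of a generic
// "file type not permitted" message, so support knows why it failed.
add_filter( 'wp_handle_upload_prefilter', function ( array $file ): array {
    $ext = strtolower( pathinfo( (string) $file['name'], PATHINFO_EXTENSION ) );
    if ( in_array( $ext, array( 'svg', 'svgz' ), true ) ) {
        $file['error'] = 'SVG uploads are disabled on this site until the '
                       . 'wp-enable-svg plugin is patched (PT-2025-1629).';
    }
    return $file;
}, 999 );
```

Note that this only prevents new uploads. SVG files that were uploaded before the mitigation was installed remain in the media library and should be reviewed separately.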
Exploit
XSS
Affected Products
Wp-Enable-Svg