CVE-2024-10269

CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project

Description

The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Direct Upload SVG Files into WordPress

EASY SVG Support is a plugin which allows you to upload SVG files into your Media Library. This plugin was created for people who don't need many options for SVG.

Features of the plugin include:

- Uploading SVG Support for WordPress
- Easy installation
- Display SVG Files in the Media Library
- SVG Sanitize Files directly
- SVG Sanitize – Custom Hooks for Tags and Attributes
- Updated for the new WordPress Gutenberg Editor
- Support for PHP 8.2

Documentation & Support

Got a problem or need help with Easy SVG Support? Then you can write me an e-mail:

[email protected] or you can ask your question in the forums section.
WordPress Plugin Directory
362K