CVE-2024-9708
Published
CVSS v3: 6.4 MEDIUM
CVSS v2: N/A
Affected: 1 project
Description
The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
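As a defender-side illustration of the sanitization step whose absence this record describes, the following allowlist-based SVG scrubber was written for this page. It is not code from the Easy SVG Upload plugin; the element and attribute allowlists, the constructed sample upload, and the function names are this example's own assumptions. It removes anything that is not on the allowlist (which covers every `on*` event handler, `<script>`, `<foreignObject>` and `<style>`), restricts `href`/`xlink:href` to in-document fragments, rejects DOCTYPE/entity declarations outright, and returns a findings list that can be logged or used to reject the upload.

```python
"""
Allowlist-based SVG sanitizer with a findings report (added example).

Assumptions (this example's own, not the plugin's): the allowlists below are
enough for typical icon/illustration SVGs; anything else is dropped.
"""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
# Serialize with the default SVG namespace and the conventional xlink prefix
# instead of ElementTree's generated ns0:/ns1: prefixes.
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Constructed allowlist of elements. <script>, <style>, <foreignObject>,
# <a>, <image> and <animate*> are deliberately absent.
ALLOWED_ELEMENTS = {
    "svg", "g", "defs", "title", "desc", "symbol", "use",
    "path", "rect", "circle", "ellipse", "line", "polyline", "polygon",
    "text", "tspan", "linearGradient", "radialGradient", "stop",
    "clipPath", "mask",
}
# Constructed allowlist of attributes. No on* handler and no style attribute
# is listed, so they are removed without needing a separate denylist.
ALLOWED_ATTRS = {
    "id", "class", "viewBox", "width", "height", "x", "y", "x1", "y1", "x2", "y2",
    "cx", "cy", "r", "rx", "ry", "d", "points", "transform", "fill", "stroke",
    "stroke-width", "stroke-linecap", "stroke-linejoin", "opacity",
    "fill-opacity", "stroke-opacity", "offset", "stop-color", "stop-opacity",
    "font-size", "font-family", "text-anchor", "clip-path", "mask", "href",
    "version", "preserveAspectRatio",
}


def _local(name: str) -> str:
    """Strip ElementTree's '{namespace}' prefix and return the local name."""
    return name.rsplit("}", 1)[-1]


def sanitize_svg(svg_text: str) -> tuple[str, list[str]]:
    """Return (clean_svg, findings). An empty findings list means nothing was removed."""
    # Entity declarations enable XXE / entity-expansion tricks; uploads never need them.
    if re.search(r"<!(DOCTYPE|ENTITY)", svg_text, re.IGNORECASE):
        raise ValueError("DOCTYPE/ENTITY declarations are not accepted in uploads")
    root = ET.fromstring(svg_text)
    if _local(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    findings: list[str] = []
    _scrub(root, findings)
    return ET.tostring(root, encoding="unicode"), findings


def _scrub(elem: ET.Element, findings: list[str]) -> None:
    """Depth-first: clean this element's attributes, then prune or recurse into children."""
    _scrub_attrs(elem, findings)
    for child in list(elem):  # copy: we mutate while iterating
        name = _local(child.tag)
        if name not in ALLOWED_ELEMENTS:
            findings.append(f"removed element <{name}>")
            elem.remove(child)  # whole subtree goes with it
            continue
        _scrub(child, findings)


def _scrub_attrs(elem: ET.Element, findings: list[str]) -> None:
    """Drop event handlers, unlisted attributes, and hrefs that are not in-document fragments."""
    tag = _local(elem.tag)
    for key in list(elem.attrib):
        name = _local(key)  # '{xlink-ns}href' and plain 'href' both become 'href'
        value = elem.attrib[key]
        if name.lower().startswith("on"):
            findings.append(f"removed event handler {name} on <{tag}>")
            del elem.attrib[key]
        elif name not in ALLOWED_ATTRS:
            findings.append(f"removed attribute {name} on <{tag}>")
            del elem.attrib[key]
        elif name == "href" and not re.sub(r"\s", "", value).startswith("#"):
            # Only '#fragment' references survive; javascript:, data:, http: all go.
            findings.append(f"removed non-fragment href on <{tag}>: {value!r}")
            del elem.attrib[key]


# Constructed sample upload: one handler attribute, one script element,
# one scripted href, plus legitimate content that must survive.
SAMPLE_UPLOAD = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 100 100" onload="alert(1)">
  <script>alert(1)</script>
  <use xlink:href="javascript:alert(1)"/>
  <path d="M10 10 L90 90" stroke="black"/>
  <use xlink:href="#shape"/>
</svg>"""

if __name__ == "__main__":
    clean, findings = sanitize_svg(SAMPLE_UPLOAD)
    for f in findings:
        print("finding:", f)
    print(clean)
```

The scrubber is deliberately conservative: `style` attributes and `<style>` elements are dropped because CSS can reference external resources, and a DOCTYPE causes outright rejection rather than an attempt to clean it. In a real deployment the findings list is what you would log, and a non-empty list from a low-privilege account is a reasonable signal to review; independently of sanitization, serving uploaded SVGs from a separate origin or with `Content-Disposition: attachment` limits what any script that does slip through can reach.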
Easy SVG Upload is your go-to solution for safely enabling SVG uploads in WordPress. This powerful plugin empowers you to seamlessly incorporate SVG files into your website, all while ensuring they are meticulously sanitized to thwart any potential SVG/XML vulnerabilities that could compromise your site's security. Additionally, Easy SVG Upload offers the convenience of previewing your uploaded SVGs directly in the media library, across all views.
With Easy SVG Upload, you can confidently embrace the creative potential of SVG files within your WordPress site, all within a secure and user-friendly environment.
Contributing & Bug Report
Bug reports and pull requests are welcome on Github: https://github.com/WordPress-Satkhira-Community/easy-svg-upload