Skip to main content

Uploading Svg Webp And Ico Files

3 CVEs product

Monthly

CVE-2023-4460 MEDIUM POC This Month

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Uploading Svg Webp And Ico Files
NVD WPScan
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-36285 HIGH This Week

Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Uploading Svg Webp And Ico Files
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-34648 MEDIUM This Month

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Uploading Svg Webp And Ico Files
NVD
CVSS 3.1
5.4
EPSS
0.4%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Uploading Svg Webp And Ico Files
NVD WPScan
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Uploading Svg Webp And Ico Files
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Uploading Svg Webp And Ico Files
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy