The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
History

Fri, 22 Nov 2024 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Tinysolutions
Tinysolutions media Library Tools
CPEs cpe:2.3:a:tinysolutions:media_library_tools:*:*:*:*:*:*:*:*
Vendors & Products Tinysolutions
Tinysolutions media Library Tools
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 21 Nov 2024 06:15:00 +0000

Type Values Removed Values Added
Description The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Title Media Library Tools < 1.5.0 - Author+ Stored XSS via SVG
References

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-11-21T06:00:02.180Z

Updated: 2024-11-21T23:14:49.029Z

Reserved: 2024-10-28T18:58:41.293Z

Link: CVE-2024-10482

cve-icon Vulnrichment

Updated: 2024-11-21T23:14:39.286Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-21T11:15:16.810

Modified: 2024-11-22T00:15:04.100

Link: CVE-2024-10482

cve-icon Redhat

No data.