The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Tinysolutions
Tinysolutions media Library Tools |
|
CPEs | cpe:2.3:a:tinysolutions:media_library_tools:*:*:*:*:*:*:*:* | |
Vendors & Products |
Tinysolutions
Tinysolutions media Library Tools |
|
Metrics |
cvssV3_1
|
Thu, 21 Nov 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | |
Title | Media Library Tools < 1.5.0 - Author+ Stored XSS via SVG | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-11-21T06:00:02.180Z
Updated: 2024-11-21T23:14:49.029Z
Reserved: 2024-10-28T18:58:41.293Z
Link: CVE-2024-10482
Vulnrichment
Updated: 2024-11-21T23:14:39.286Z
NVD
Status : Awaiting Analysis
Published: 2024-11-21T11:15:16.810
Modified: 2024-11-22T00:15:04.100
Link: CVE-2024-10482
Redhat
No data.