The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-06-14T06:00:04.481Z
Updated: 2024-08-01T20:33:53.193Z
Reserved: 2024-04-26T19:25:30.648Z
Link: CVE-2024-4270
Vulnrichment
Updated: 2024-08-01T20:33:53.193Z
NVD
Status : Analyzed
Published: 2024-06-14T06:15:12.827
Modified: 2024-07-29T16:31:09.117
Link: CVE-2024-4270
Redhat
No data.