CVE-2024-4270

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
Configurations

Configuration 1 (hide)

cpe:2.3:a:andibauer:svgmagic:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 09:42

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/7a3b89cc-7a81-448a-94fc-36a7033609d5/ - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/7a3b89cc-7a81-448a-94fc-36a7033609d5/ - Exploit, Third Party Advisory

29 Jul 2024, 16:31

Type Values Removed Values Added
First Time Andibauer svgmagic
Andibauer
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
References () https://wpscan.com/vulnerability/7a3b89cc-7a81-448a-94fc-36a7033609d5/ - () https://wpscan.com/vulnerability/7a3b89cc-7a81-448a-94fc-36a7033609d5/ - Exploit, Third Party Advisory
CPE cpe:2.3:a:andibauer:svgmagic:*:*:*:*:*:wordpress:*:*
CWE CWE-79

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) El complemento SVGMagic de WordPress hasta la versión 1.1 no sanitiza el contenido del archivo SVG, lo que permite a los usuarios con al menos el rol de autor de SVG con JavaScript malicioso realizar ataques XSS almacenado.

14 Jun 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-14 06:15

Updated : 2024-11-21 09:42


NVD link : CVE-2024-4270

Mitre link : CVE-2024-4270

CVE.ORG link : CVE-2024-4270


JSON object : View

Products Affected

andibauer

  • svgmagic
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')