CVE-2024-11847

WP SVG Upload <= 1.0.0 - Author+ Stored XSS via SVG

Description

The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.

INFO

Published Date :

2025-03-26T06:00:02.270Z

Last Modified :

2025-03-26T19:02:33.515Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2024-11847 vulnerability.

Vendors	Products
Wp Svg Upload Project	Wp Svg Upload

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-11847.

URL	Resource
https://wpscan.com/vulnerability/f57ecff2-0cff-40c7-b6e4-5b162b847d65/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact