CVE-2024-4269

SVG Block < 1.1.20 - Author+ Stored XSS via SVG File Upload

Description

The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.

INFO

Published Date :

2024-07-13T06:00:05.955Z

Last Modified :

2024-08-01T20:33:53.069Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2024-4269 vulnerability.

Vendors	Products
Boldblocks	Svg Block
Phiphan	Svg Block

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-4269.

URL	Resource
https://wpscan.com/vulnerability/8aae7aa1-6170-45d8-903f-8520913276da/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact