Stored Cross-Site Scripting via SVG File uploads in Mime Config plugin

CVE-2024-10017

What is CVE-2024-10017?

The PJW Mime Config plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through SVG file uploads. This issue arises from inadequate input sanitization and output escaping processes present in the plugin. Authenticated users with Author-level access or higher can exploit this vulnerability to inject arbitrary web scripts into pages, compromising user interactions whenever the SVG file is accessed. This security risk underscores the importance of robust input handling mechanisms within WordPress plugins to protect against malicious script injections.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References