Plugin Failure: Unsanitized SVG Uploads Can Trigger XSS Attacks
CVE-2024-10482

Currently unrated

Key Information:

Vendor: Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin
Status: Media File Rename, Find Unused File, Add Alt Text, Caption, Desc For Image Seo
Vendor: CVE Published:; 21 November 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

Affected Version(s)

Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO 0 < 1.5.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-10482 - Proof of Concept

References

https://wpscan.com/vulnerability/46cbd4bb-b6f3-49e8-8d79-...

exploitvdb-entrytechnical-description

Timeline

🟡
Public PoC available
Nov 21, 2024
👾
Exploit known to exist
Nov 21, 2024
Vulnerability published
Nov 21, 2024
Vulnerability Reserved
Oct 28, 2024

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

Bob Matyas

WPScan