Stored Cross-Site Scripting vulnerability in Graphicsly plugin
CVE-2024-9069

6.4MEDIUM

Key Information:

Vendor: WordPress
Status: Graphicsly – The Ultimate Graphics Plugin For WordPress Website Builder ( Gutenberg, Elementor, Beaver Builder, WPbakery )
Vendor: CVE Published:; 25 September 2024

What is CVE-2024-9069?

The Graphicsly plugin for WordPress, which integrates seamlessly with website builders such as Gutenberg, Elementor, Beaver Builder, and WPBakery, is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This issue arises from inadequate input sanitization and output escaping, allowing authenticated users with Author access or higher to upload SVG files that can contain malicious scripts. When these files are accessed, they execute these scripts within the context of the user’s browser, compromising the integrity of the affected WordPress sites. Immediate action is recommended to patch this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) * <= 1.0.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/graphicsly/#developers

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 25, 2024

JSON

WordPress