Stored Cross-Site Scripting Vulnerability in MapSVG Plugin for WordPress
CVE-2024-9544
6.4MEDIUM
What is CVE-2024-9544?
The MapSVG plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping with SVG file uploads. This issue allows authenticated attackers with Contributor-level access and higher to inject malicious scripts, which get executed whenever a user accesses the compromised SVG file. Affected versions include all releases leading up to 8.6.4, posing a significant risk to users relying on this plugin for SVG functionalities.
Affected Version(s)
MapSVG * <= 8.6.4