Stored Cross-Site Scripting via SVG File Uploads Vulnerability in Easy SVG Upload Plugin
CVE-2024-9708
5.4MEDIUM
What is CVE-2024-9708?
The Easy SVG Upload plugin for WordPress has a vulnerability associated with Stored Cross-Site Scripting that affects all versions up to and including 1.0. This vulnerability arises from inadequate input sanitization and output escaping when uploading SVG files. Authenticated users with Author-level access or higher can exploit this flaw to inject malicious web scripts into web pages. These scripts may execute whenever a user accesses the compromised SVG file, potentially leading to unauthorized actions within the site.
Affected Version(s)
Easy SVG Upload * <= 1.0