Vulnerabilities > CVE-2021-36895 - Unspecified vulnerability in Tripetto
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.
Vulnerable Configurations
References
- https://patchstack.com/database/vulnerability/tripetto/wordpress-tripetto-plugin-5-1-4-unauthenticated-cross-site-scripting-xss-vulnerability-via-svg-image-upload
- https://patchstack.com/database/vulnerability/tripetto/wordpress-tripetto-plugin-5-1-4-unauthenticated-cross-site-scripting-xss-vulnerability-via-svg-image-upload
- https://wordpress.org/plugins/tripetto/#developers
- https://wordpress.org/plugins/tripetto/#developers