1.0.3

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

ideastocode

NVD

Published: 2023-07-17

Updated: 2024-11-21

Summary

The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Ideastocode Ideastocode Enable Svg, Webp & ICO Upload 1.0.0 Ideastocode Enable Svg, Webp & ICO Upload 1.0.1 Ideastocode Enable Svg, Webp & ICO Upload 1.0.3	3

References

https://wpscan.com/vulnerability/91898762-aa7d-4fbc-a016-3de48901e5de
https://wpscan.com/vulnerability/91898762-aa7d-4fbc-a016-3de48901e5de