Note: This list may be incomplete. Data is provided without warranty in its original format.
5.4
CVE-2024-9238
- EPSS 0.05%
- Published 15.05.2025 20:16:00
- Last modified 12.06.2025 16:31:47
The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
6.4
CVE-2024-9060
- EPSS 0.24%
- Published 01.10.2024 10:15:03
- Last modified 04.10.2024 13:51:25
The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Autho...