CVE-2022-36343: WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in the ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 for WordPress.
Verified
Not fixed
CVSS 3.1 score: 3.4 (Low severity)
Software
Enable SVG, WebP & ICO Upload
PSID
0a0bab4baa5d
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires author or higher role user authentication.
Publicly disclosed
2022-08-01
Details
An authenticated Stored Cross-Site Scripting (XSS) vulnerability via malicious SVG file upload was discovered by Kim Jong Min aka Universe (Patchstack Alliance) in the WordPress Enable SVG, WebP & ICO Upload plugin (versions <= 1.0.1).
Solution
No patched version available.