Headline
CVE-2022-36285: WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability - Patchstack
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
Verified
Not fixed
7.2
CVSS 3.1 score High severity
Monitoring Coming soon
Vulnerable versions
<= 1.0.1
PSID
b4c5eea831b8
Classification
Arbitrary File Upload
OWASP Top 10
A1: Injection
Required privilege
Requires author or higher role user authentication.
Publicly disclosed
2022-08-12
Details
Authenticated Arbitrary File Upload vulnerability discovered by Universe (Patchstack Alliance) in WordPress Uploading SVG, WEBP and ICO files plugin (versions <= 1.0.1).
Solution
No patched version is available. Ignored by the vendor.
References