Vulnerability Details CVE-2023-2529
The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.6%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2023-2529
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:1.6.3
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:1.6.4
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:1.7.0
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:1.8.0
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:1.8.1
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:1.8.2
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:1.8.3
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:1.8.4
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:1.9.1
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:2.0.0
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:2.0.2
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:2.1.0
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:2.1.1
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:2.1.2
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:2.1.3
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:2.1.4
- cpe:2.3:a:enable_svg_uploads_project:enable_svg_uploads:2.1.5