CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-4460

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.073

EPSS Ranking 91.2%

CVSS Severity

CVSS v3 Score 5.4

References

https://wpscan.com/vulnerability/82f8d425-449a-471f-94df-8439924fd628
https://wpscan.com/vulnerability/82f8d425-449a-471f-94df-8439924fd628

Products affected by CVE-2023-4460

None » None » Version:

_webp_and_ico_files:1.0.1
None » None » Version:

_webp_and_ico_files_project:uploading_svg
None » None » Version:

cpe:2.3:a:uploading_svg

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4460

Products

Pricing

Contact Us