Vulnerability Details CVE-2024-3633
The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.8%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2024-3633
-
cpe:2.3:a:rezakhan995:webp_&_svg_support:*