Ideastocode: Security Vulnerabilities
The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-07-17
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
CVSS Score
3.4
EPSS Score
0.001
Published
2022-08-01
Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-08-01