CVE-2024-11091

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Nov 26, 2024
CWE ID 79

Summary

CVE-2024-11091 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Support SVG – Upload svg files in wordpress without hassle plugin for WordPress. The flaw, present in all versions up to 1.1.0, allows authenticated attackers, with Author-level access or higher, to inject malicious web scripts into SVG files via the plugin's REST API. This vulnerability enables the attacker to execute those scripts whenever a user accesses the infected SVG file.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share