CVE-2024-50590
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 8, 2024
CWE ID 732
CWE ID 250
CWE ID 276
Summary
CVE-2024-10269 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Easy SVG Support plugin for WordPress. This issue, which impacts versions up to and including 3.7, allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts. The vulnerability arises from insufficient input sanitization and output escaping during REST API SVG file uploads, enabling the attacker's malicious code to be executed whenever a user accesses the affected SVG file.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Elefant