CVE-2024-8378

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 7, 2024

Updated: Nov 8, 2024

Summary

CVE-2024-8378: This vulnerability affects the Safe SVG WordPress plugin before version 2.2.6. The plugin's sanitization code only runs for paths that call wp_handle_upload, but it fails to do so for paths using wp_handle_sideload. This oversight can lead to arbitrary file uploads through raw POST data. Attackers may exploit this vulnerability to upload malicious SVG files, posing a potential security risk. WordPress users are advised to update the plugin to the latest version to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Safe Svg

Affected Vendors

WordPress Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ySTejO
https://www.cve.org/CVERecord?id=CVE-2024-8378
https://nvd.nist.gov/vuln/detail/CVE-2024-8378

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners