Get Started

WordPress: Unsanitized SVG Upload Vulnerability in wp-enable-svg Plugin

by the Hossted team
03.01.2025

In wp-enable-svg WordPress plugin through version 0.7 a medium severity vulnerability CVE-2024-11184 was detected. This vulnerability allows authors and higher-privileged users to upload SVG files containing malicious scripts due to insufficient sanitization during file uploads. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11184.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR