Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total5
Critical0
High0
Medium5
Reset
Showing 1-5 of 5 records
Threat Entry Updated 2025-02-24

CVE-2024-10222 - Svg Support Plugin

The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to upload SVG files can be extended to authors.

PLUGIN Svg Support

CVE-2024-10222

MEDIUM CVSS 6.4 2025-02-21
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-6708 - Svg Support Plugin

The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping, even when the 'Sanitize SVG while uploading' feature is enabled. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that successful exploitation of this vulnerability requires the administrator to allow author-level users to upload SVG files.

PLUGIN Svg Support

CVE-2023-6708

MEDIUM CVSS 5.4 2024-07-18
Open Full Technical Breakdown
Threat Entry Updated 2025-05-19

CVE-2024-3633 - Svg Support Plugin

The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN Svg Support

CVE-2024-3633

MEDIUM CVSS 5.4 2024-06-26
Open Full Technical Breakdown
Threat Entry Updated 2025-05-21

CVE-2022-1755 - Svg Support Plugin

The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks

PLUGIN Svg Support

CVE-2022-1755

MEDIUM CVSS 5.4 2022-09-26
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24686 - Svg Support Plugin

The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Svg Support

CVE-2021-24686

MEDIUM CVSS 4.8 2022-02-01
Open Full Technical Breakdown
Scroll to top