Unrated severityNVD Advisory· Published Mar 18, 2024· Updated Aug 28, 2024

Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG

CVE-2023-7085

Description

The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Scalable Vector Graphics (SVG)description
WordPress/Scalable Vector Graphics (SVG)llm-create
Range: <=3.4

Patches

Vulnerability mechanics

References

wpscan.com/vulnerability/a2ec1308-75a0-49d0-9288-33c6d9ee4328/mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000