CVE-2024-11091

Vulnerability

The Support SVG plugin for WordPress (versions up to and including 1.1.0) is vulnerable to Stored Cross-Site Scripting (XSS) via SVG file uploads through the REST API. The plugin fails to properly sanitize SVG files and escape output, allowing malicious SVG content to be stored and executed. The vulnerability affects all versions up to 1.1.0 [1].

Exploitation

An authenticated attacker with at least Author-level access can upload a crafted SVG file containing malicious JavaScript via the WordPress REST API. The SVG file is stored in the media library. When any user (including administrators or visitors) accesses the SVG file, the embedded script executes in the context of the victim's browser.

Impact

Successful exploitation allows the attacker to inject arbitrary web scripts, leading to potential data theft, session hijacking, defacement, or other malicious actions. The attack is stored, meaning the payload persists and affects all users who view the SVG file.

Mitigation

The vulnerability is fixed in version 1.1.1 of the plugin, which includes enhanced sanitization of SVG files uploaded via the REST API [1]. Users should update to version 1.1.1 or later immediately. No workarounds are provided; updating is the recommended action.