Moderate severityNVD Advisory· Published Jan 2, 2025· Updated Jan 6, 2025

WP Enabled SVG <= 0.7 - Author+ Stored XSS via SVG

CVE-2024-11184

Description

The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
mwdelaney/wp-enable-svgPackagist	<= 0.2	—

Affected products

WordPress/Wp Enable Webpcpe-rescue
Package: https://wordpress.org/plugins/wp-enable-webp
ghsa-coords
pkg:composer/mwdelaney/wp-enable-svg
Range: <= 0.2

Patches

Vulnerability mechanics

References

wpscan.com/vulnerability/fc982bcb-9974-481f-aef4-580ae9edc3c8/mitreexploitvdb-entrytechnical-description
github.com/advisories/GHSA-j77f-79w9-rghcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-11184ghsaADVISORY
wpscan.com/vulnerability/fc982bcb-9974-481f-aef4-580ae9edc3c8ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000