The Uploading SVG, WEBP and ICO files WordPress plugin up to and including 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
uploading svg\\, webp and ico files project uploading svg\\, webp and ico files |