Base Score

MEDIUM4.8

CVE-2024-11184

The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts

VectorNETWORK

Published Bycontact@wpscan.com

Published DateJan 02, 2025, 06:15

Affected Versions(1)

mwdelaney/wp-enable-svg(Packagist)

Introduced0

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
mwdelaney/wp-enable-svg(Packagist)	0	N/A	N/A

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

4.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

https://wpscan.com/vulnerability/fc982bcb-9974-481f-aef4-580ae9edc3c8/

Base Score

MEDIUM4.8

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

4.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE