CVE-2024-9544

MEDIUM Year: 2024
CVSS v3 Score
6.4
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Related Vulnerabilities

CVE-2020-7302

MEDIUM
CVSS:6.4(Medium)

Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management s...

CWE-4342020

CVE-2015-1785

MEDIUM
CVSS:6.5(Medium)

In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the applicatio...

CWE-4342015

CVE-2015-4462

MEDIUM
CVSS:6.5(Medium)

Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from...

CWE-4342015

CVE-2015-4463

MEDIUM
CVSS:6.5(Medium)

The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.

CWE-4342015

CVE-2016-10959

MEDIUM
CVSS:6.5(Medium)

The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.

CWE-4342016

CVE-2017-11561

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a ...

CWE-4342017