Authenticated Stored Cross-Site Scripting (XSS) vulnerability via malicious SVG file upload discovered by Universe (Patchstack Alliance) in WordPress Uploading SVG, WEBP and ICO files plugin (versions <= 1.0.1).
No patched version available.
CPE | Name | Operator | Version |
---|---|---|---|
uploading svg, webp and ico files | le | 1.0.1 |