AI Score
Confidence: High

SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
wpscan.com/vulnerability/82f8d425-449a-471f-94df-8439924fd628