SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting

WPVDB-ID: 38018695-901D-48D9-B39A-7C00DF7F0A4B
Published: Jan 03, 2022
Author: Shivam Rai
Source: wpvulndb (wpscan.com)
Tags: svg support, cross-site scripting, admin+ stored

EPSS: 0.001 (percentile 21.4%)

The plugin does not escape the “CSS Class to target” setting before outputting it in an HTML attribute, which could allow high-privilege users to perform stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PoC

With the Advanced Mode enabled, put the following payload in the “CSS Class to target” setting: ">
