GHSA-j77f-79w9-rghc

Suggest an improvement
Source
https://github.com/advisories/GHSA-j77f-79w9-rghc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-j77f-79w9-rghc/GHSA-j77f-79w9-rghc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-j77f-79w9-rghc
Aliases
  • CVE-2024-11184
Published
2025-01-02T06:30:47Z
Modified
2025-02-07T21:12:01.867422Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded
Details

The wp-enable-svg WordPress plugin through 0.2 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts

Database specific 
{
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-07T20:56:19Z",
    "nvd_published_at": "2025-01-02T06:15:06Z",
    "severity": "MODERATE"
}
References

Affected packages

Packagist / mwdelaney/wp-enable-svg

Package

Name
mwdelaney/wp-enable-svg
Purl
pkg:composer/mwdelaney/wp-enable-svg

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.2

Affected versions

0.*
0.1
0.2

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-j77f-79w9-rghc/GHSA-j77f-79w9-rghc.json"