CVE-2024-7301 in File Upload Plugininfo

Zusammenfassung

von MITRE • 16.08.2024

The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.24.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Wordfence

Reservieren

30.07.2024

Veröffentlichung

16.08.2024

Moderieren

akzeptiert

Eintrag

VDB-274816

CPE

bereit

CWE

CWE-79 (bestätigt)

CVSS

6.1 (NVD)

EPSS

0.03281

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-7301
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-7301
CVE Details	https://www.cvedetails.com/cve/CVE-2024-7301/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!