2 vulnerabilities by allow_svg_files_project
CVE-2022-2299 (GCVE-0-2022-2299)
Vulnerability from cvelistv5 – Published: 2022-07-25 12:48 – Updated: 2024-08-03 00:32
Title
Allow SVG Files <= 1.1 - Author+ Stored Cross Site Scripting via SVG
Summary
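The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. The record names no fixed version: 1.1, the release outside the affected range of CVE-2022-1939 (< 1.1), is still within the affected range here (≤ 1.1).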
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/29015c35-0470-41… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Allow svg files | Affected: 1.1 , ≤ 1.1 (custom), i.e. versions up to and including 1.1 | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/29015c35-0470-41b8-b197-c71b800ae2a9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Allow svg files",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.1",
"status": "affected",
"version": "1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Luan Pedersini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T12:48:09.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/29015c35-0470-41b8-b197-c71b800ae2a9"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Allow SVG Files \u003c= 1.1 - Author+ Stored Cross Site Scripting via SVG",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2299",
"STATE": "PUBLIC",
"TITLE": "Allow SVG Files \u003c= 1.1 - Author+ Stored Cross Site Scripting via SVG"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Allow svg files",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.1",
"version_value": "1.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Luan Pedersini"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/29015c35-0470-41b8-b197-c71b800ae2a9",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/29015c35-0470-41b8-b197-c71b800ae2a9"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2299",
"datePublished": "2022-07-25T12:48:09.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:09.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1939 (GCVE-0-2022-1939)
Vulnerability from cvelistv5 – Published: 2022-06-20 10:26 – Updated: 2024-08-03 00:24
Title
Allow SVG Files < 1.1 - Admin+ Arbitrary File Upload
Summary
The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to
Severity
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/4d7b62e1-558b-45… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Allow svg files | Affected: 1.1 , < 1.1 (custom), i.e. versions before 1.1 | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:42.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/4d7b62e1-558b-4504-a6e2-78246a8b554f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Allow svg files",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Luan Pedersini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T10:26:20.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/4d7b62e1-558b-4504-a6e2-78246a8b554f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Allow SVG Files \u003c 1.1 - Admin+ Arbitrary File Upload",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1939",
"STATE": "PUBLIC",
"TITLE": "Allow SVG Files \u003c 1.1 - Admin+ Arbitrary File Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Allow svg files",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1",
"version_value": "1.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Luan Pedersini"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/4d7b62e1-558b-4504-a6e2-78246a8b554f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4d7b62e1-558b-4504-a6e2-78246a8b554f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1939",
"datePublished": "2022-06-20T10:26:20.000Z",
"dateReserved": "2022-05-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:42.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}