WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

With the Advanced Mode enabled, put the following payload in the "CSS Class to target" setting: "><script>alert(/XSS/)</script>

Affects Plugins

svg-support
Fixed in version 2.3.20

References

CVE
CVE-2021-24686
URL
https://plugins.trac.wordpress.org/changeset/2651929

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Shivam Rai

Submitter

Shivam Rai

Submitter twitter
shivam24rai
Verified

Yes

WPVDB ID
38018695-901d-48d9-b39a-7c00df7f0a4b

Timeline

Publicly Published

2022-01-03 (about 1 years ago)

Added

2022-01-03 (about 1 years ago)

Last Updated

2022-04-16 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin