WordPress Plugin Vulnerabilities

SVGMagic <= 1.1 - Stored XSS via SVG Upload

Description

The plugin does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.

Proof of Concept

1. Create a SVG file with the malicious payload within it; Example SVG file: https://github.com/codesecure-org/xss-svg/blob/main/1.svg?short_path=97b023c
2. As a user with the Author role, go to the "Media" page and upload the SVG file
3. Access the uploaded file directly
4. You will see the XSS

Affects Plugins

Plugin icon
svgmagic
No known fix

References

CVE
CVE-2024-4270

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Rayhan Ramdhany Hanaputra
Submitter
Rayhan Ramdhany Hanaputra
Submitter twitter
hanz0x17
Verified
Yes
WPVDB ID
7a3b89cc-7a81-448a-94fc-36a7033609d5

Timeline

Publicly Published
2024-05-24 (about 1 months ago)
Added
2024-05-24 (about 1 months ago)
Last Updated
2024-05-24 (about 1 months ago)

Other

Published
Title
Published
2022-02-01
Title
Product Feed PRO for WooCommerce < 11.2.3 - Reflected Cross-Site Scripting
Published
2022-01-18
Title
Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool
Published
2024-04-29
Title
Elementor ImageBox <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-06-05
Title
Custom Dash <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2014-08-01
Title
Video Metabox 1.1 - Stored Cross-Site Scripting (XSS)