Ideastocode Enable Svg Webp Ico Upload vulnerabilities
3 known vulnerabilities affecting ideastocode/enable_svg_webp_ico_upload.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-34154P2HIGHCVSS 8.8Exploited≤ 1.0.12022-08-01
CVE-2022-34154 [HIGH] CWE-434 CVE-2022-34154: Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable
Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
nvd
CVE-2022-36343P4MEDIUMCVSS 5.4≤ 1.0.12022-08-01
CVE-2022-36343 [MEDIUM] CWE-79 CVE-2022-36343: Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasT
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
nvd
CVE-2023-2143P4MEDIUMCVSS 5.4≤ 1.0.32023-07-17
CVE-2023-2143 [MEDIUM] CWE-79 CVE-2023-2143: The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents
The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.
nvd