WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability
Software
Enable SVG, WebP & ICO Upload
PSID
9e1794b8627d
Classification
Arbitrary File Upload
OWASP Top 10
A1: Injection
Required privilege
Requires author or higher role user authentication.
Publicly disclosed
2022-08-01
Patchstack vPatch available since
09.12.2021
Details
Authenticated Arbitrary File Upload vulnerability discovered by Kim Jong Min aka Universe (Patchstack Alliance) in WordPress Enable SVG, WebP & ICO Upload plugin (versions <= 1.0.1).
Solution
No patched version available.
References