To plugin page

Verified

Not fixed

WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.3 - Authenticated Arbitrary File Upload vulnerability

7.2

CVSS 3.1 score High severity

Report

Monitoring Not reported to be exploited

Find out about vulnerable plugins in your websites for free.

Scan your website

Software

Enable SVG, WebP & ICO Upload

Type

Plugin

Vulnerable versions

<= 1.0.3

Fixed in

N/A

PSID

9e1794b8627d

CVE ID

CVE-2022-34154

Classification

Arbitrary File Upload

OWASP Top 10

A1: Injection

Required privilege

Requires author or higher role user authentication.

Credits

Kim Jong Min aka Universe (Patchstack Alliance)

Publicly disclosed

2022-08-01

Details

Authenticated Arbitrary File Upload vulnerability discovered by Kim Jong Min aka Universe (Patchstack Alliance) in WordPress Enable SVG, WebP & ICO Upload plugin (versions <= 1.0.3).

Solution

No patched version available.

References

Other known vulnerabilities for Enable SVG, WebP & ICO Upload

Authenticated Stored CrossSite Scripting (XSS) vulnerability

<= 1.0.3

3.4

01.08.2022

Submit vulnerabilities and become a verified Alliance member

Learn more

WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.3 - Authenticated Arbitrary File Upload vulnerability

Details

Solution

References

Other known vulnerabilities for Enable SVG, WebP & ICO Upload

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.3 - Authenticated Arbitrary File Upload vulnerability

Details

Solution

References

Other known vulnerabilities for Enable SVG, WebP & ICO Upload

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

Let us know if we have missed a vulnerability reported elsewhere

Thank you for contributing!