Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Malicious SVG
Vulnerability Description
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site Scripting attacks
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
WordPress plugin 代码问题漏洞
Vulnerability Description
WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin 存在代码问题漏洞,该漏洞源于 WordPress File Upload 插件允许权限低至 Contributor 的用户上传 SVG 文件,以执行跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A