Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible fo
The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and outp
The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers,
The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'rave
The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files.
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in the uplo
The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output es
The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.7 due to insufficient input sanitization and outp
The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 4.0 due to insufficient input sanitization and output
The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and outpu
The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and ou
The Your Simple SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization an
The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component a
The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output es
CVE-2024-7772
CRITICAL CVSS 9.8
Find Similar
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This ma
The Ayyash Studio — The kick-start kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.3 due to insufficient input sani
The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitizati
The Aqua SVG Sprite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.14 due to insufficient input sanitization and outpu
The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output e
The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escap
Page 1+ Next →