- Description: The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 5.5
- Impact score: 2.7
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
- Severity: MEDIUM
- security@wordfence.com: CWE-79
- Hype score: Not currently trending
CVE-2024-11098 (Published: 2024-11-19) - A medium severity vulnerability affects Wordfence. Ensure you're using the latest version to mitigate risks. For detailed remediation steps, check the full report: https://t.co/HmYPPRi28l #CyberSecurity #Wordfence
@transilienceai
22 Nov 2024
🚨 CVE-2024-11098 (Published: 2024-11-19) - A high-severity vulnerability in WordPress SVG Block plugin. Affects versions prior to the latest update. 🔒 Remediation: Update to the latest version available at https://t.co/0s03Dh30CS to secure your site! #WordPress #CyberSecurity
@transilienceai
22 Nov 2024
🚨 CVE-2024-11098 (Published: 2024-11-19) - A high-severity vulnerability in a WordPress plugin has been identified. Affected versions are vulnerable to exploitation. Users are urged to update to the latest version immediately to mitigate risks. More info: https://t.co/DbANnFL1xj
@transilienceai
22 Nov 2024
CVE-2024-11098 The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insu… https://t.co/5UsBvuwdCZ
@CVEnew
19 Nov 2024