Security Advisory

CVE-2024-8378

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-07 15:07:36

Last updated 2024-11-07 19:53:59

Assigner WPScan

State PUBLISHED

Description

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code is only running for paths that call wp_handle_upload, but not for example for code that uses wp_handle_sideload which is often used to upload attachments via raw POST data.

← Browse all CVEs View on cve.org ↗