How severe is CVE-2024-11644?

CVE-2024-11644 has a CVSS v3 score of 5.9 (MEDIUM).

CVE-2024-11644

Name: wp-svg
Author: salko

5.9MEDIUM

The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users w

Published: 12/27/2024Updated: 5/14/2025

Description

The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

AI AnalysisPowered by AI

Affected Products

salkowp-svg

References

https://wpscan.com/vulnerability/5b6a80f1-369c-4dd2-877e-60b724084819/
ExploitThird Party Advisory
https://wpscan.com/vulnerability/5b6a80f1-369c-4dd2-877e-60b724084819/
ExploitThird Party Advisory