cleantalk
Vulnerabilities and Security Researches

AVIF Support | AVIF Uploader, CVE-2024-9238

CVE, Research URL

CVE-2024-9238

Home page URL

Security reports for AVIF Support | AVIF Uploader

Application

AVIF Support | AVIF Uploader

Published on
May 16, 2025
Research Description
The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Affected versions
Min -, max 1.1.1.
Status
vulnerable
Previous vulnerability researches
Emails Blacklist for Everest Forms (4e0b8221f9787e16f8849dff3026eadc73126b28) , Jun 07, 2024
New vulnerability
MapPress Maps for WordPress (CVE-2024-8620) , May 19, 2025
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2024-9390) , May 19, 2025
If-So Dynamic Content Personalization (CVE-2024-5440) , May 19, 2025
Responsive Lightbox & Gallery (CVE-2025-3742) , May 19, 2025
Genesis Blocks (CVE-2024-3901) , May 19, 2025