AVIF Support | AVIF Uploader, CVE-2024-9238
- CVE, Research URL
- Home page URL
- Application
- Published on
- May 16, 2025
- Research Description
- The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
- Affected versions
-
Min -, max 1.1.1.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| Jetpack Feedback Exporter (CVE-2025-32251) , Apr 06, 2025 |