cleantalk
Vulnerabilities and Security Researches

WebP & SVG Support, CVE-2024-3633

CVE, Research URL

CVE-2024-3633

Home page URL

Security reports for WebP & SVG Support

Application

WebP & SVG Support

Published on
Jun 26, 2024
Research Description
The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Affected versions
Min -, max 1.4.0.
Status
vulnerable
Previous vulnerability researches
WebP & SVG Support (CVE-2024-3633) , Jun 28, 2024
SVG Support (CVE-2022-23638) , May 06, 2025
SVG Support (CVE-2022-4022) , Jun 07, 2024
SVG Support (CVE-2021-24686) , Jun 07, 2024
SVG Support (CVE-2022-1755) , Jun 07, 2024
New vulnerability
Xavin's List Subpages (CVE-2025-4220) , May 08, 2025
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025