cleantalk
Vulnerabilities and Security Researches

AVIF Support | AVIF Uploader, CVE-2024-9238

CVE, Research URL

CVE-2024-9238

Home page URL

Security reports for AVIF Support | AVIF Uploader

Application

AVIF Support | AVIF Uploader

Published on
May 16, 2025
Research Description
The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Affected versions
Min -, max 1.1.1.
Status
vulnerable
Previous vulnerability researches
Wise Chat (CVE-2024-13613) , May 18, 2025
Wise Chat (CVE-2023-32504) , Jun 07, 2024
Wise Chat (CVE-2019-6780) , Jun 07, 2024
New vulnerability
Responsive Lightbox & Gallery (CVE-2025-3742) , May 19, 2025
Genesis Blocks (CVE-2024-3901) , May 19, 2025
CM Tooltip Glossary – Powerful Glossary Plugin (CVE-2024-5026) , May 19, 2025
ImageMagick Engine (CVE-2024-6486) , May 19, 2025
AI ChatBot (CVE-2025-0329) , May 19, 2025