CVE Details
Basic Information
| Title |
CVE-2024-9544 |
| Type |
cve |
| Published |
2025-05-22T10:15:54 |
| Last Seen |
2025-05-22T10:22:02 |
CVSS Information
| Base Score |
6.4 (MEDIUM) |
| Attack Vector |
NETWORK |
| Attack Complexity |
LOW |
| Privileges Required |
LOW |
| User Interaction |
NONE |
| Scope |
CHANGED |
| Confidentiality Impact |
LOW |
| Integrity Impact |
LOW |
| Availability Impact |
NONE |
AI Analysis
| AI Description |
The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via SVG file uploads. This vulnerability affects all versions up to and including 8.6.4 due to insufficient input sanitization and output escaping. An authenticated attacker with contributor-level permissions can upload a malicious SVG file containing JavaScript code, which will execute when viewed by other users, potentially leading to unauthorized actions or data theft. |
| AI Severity |
Medium |
| Vendor |
WordPress Community |
| Product |
MapSVG |
| Affected Version |
<= 8.6.4 |
Additional Information
| CVE List |
CVE-2024-9544 |
| CWE List |
CWE-434 |
| Bulletin Family |
cve |
Description
The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it…
CVSS Score Summary
Base Score: %!f(string=#) (MEDIUM)
View Full CVE Details
