CVE-2023-2529
Medium · Public PoC
Published: 10 July 2023
Modified: 21 November 2024
KEV Added: —
Patch: —
CVSS Score v3.1: 5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score: 0.0014 (33.2th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2023-2529 is a medium-severity vulnerability of unspecified weakness type in Enable Svg Uploads (vendor: Enable Svg Uploads Project). Its CVSS base score is 5.4 (Medium).
Operationally, it is ranked at the 33.2th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-34009
Vulnerability details
The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Vendor: enable svg uploads project
- Product: enable svg uploads
- Version: ≤ 2.1.5
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.