The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.

Related CVEs

CVE-2024-4271

Key Information

GHSA ID

GHSA-3xp5-7h92-mqvv

Published

June 14, 2024 6:34 AM

Last Modified

July 3, 2024 6:45 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 2, 2025 6:46 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.