Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in CITS Support svg, webp Media and TTF,OTF File Upload 3.0

  • Severity: medium-risk
  • Status: Open
  • Publication: October 9, 2023

The CITS Support plugin for WordPress, which allows users to upload SVG, webp, TTF, and OTF files, is vulnerable to a type of attack called Stored Cross-Site Scripting. This type of attack could allow an authenticated user with Author permissions or higher to inject malicious code into webpages. If a user visits an injected page, the malicious code will execute. This vulnerability exists in the CITS Support plugin up to and including version 2.1.0, because the plugin does not properly sanitize the SVG files before they are uploaded.

Detected in:

CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts fixed vulnerable versions:
CITS Support SVG, WEBP, ICO Media and TTF,OTF File Upload fixed vulnerable versions:
CITS Support svg, webp Media and TTF,OTF File Upload open vulnerable versions: >= * < 3.0

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.