CVE-2024-9544 – MapSVG WordPress Stored Cross-Site Scripting Vulnerability

May 22, 2025

CVE ID : CVE-2024-9544

Published : May 22, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4280 – Poedit for MacOS Privilege Escalation Vulnerability

Next Article This AI Paper Introduces MathCoder-VL and FigCodifier: Advancing Multimodal Mathematical Reasoning with Vision-to-Code Alignment

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

“A fantastic device for creative users” — this $550 discount on ASUS’s 3K OLED creator laptop disappears before Prime Day

Distribution Release: Rhino Linux 2025.3

Token System using PHP and MySQL

Token System using PHP and MySQL

Create React UI component with uncontrollable

Flaget – new small 5kB CLI argument parser

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 27/2025

CVE-2024-9544 – MapSVG WordPress Stored Cross-Site Scripting Vulnerability

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

Microsoft has a new way to use AI in OneNote — but a “dumb” feature excites me more

CVE-2024-7096 – WSO2 SOAP Admin Privilege Escalation Vulnerability

CVE-2025-48905 – Arkweb V8 Wasm Exception Capture Vulnerability

CVE-2025-28957 – OwnerRez Cross-Site Scripting

Man Cures 5-Year Jaw Problem in 60 Seconds Using ChatGPT, Doctors Are Stunned

Rilasciato KDE Frameworks 6.15: Miglioramenti e Correzioni

CVE-2025-21470 – Apache Image Toolkit Buffer Overflow

Unsophisticated Hackers Targeting ICS/SCADA Systems: CISA

CVE-2024-9544 – MapSVG WordPress Stored Cross-Site Scripting Vulnerability

Related Posts