CVE-2024-12163: GoodLayers Core < 2.1.3 - Subscriber+ Stored XSS via SVG Upload
Description
The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads.
Classification
CVE ID: CVE-2024-12163
Affected Products
Vendor: Unknown
Product: goodlayers-core
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.77% (scored less or equal to compared to others)
EPSS Date: 2025-02-28 (when was this score calculated)