CVE-2019-18932

Current Description

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.

Basic Data

PublishedNovember 11, 2019
Last ModifiedNovember 12, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-20
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationSafe Svg ProjectSafe Svg*****CVE-2007-2829**1.9.4

Vulnerable Software List

VendorProductVersions
Safe Svg Project Safe Svg *

References

NameSourceURLTags
https://fortiguard.com/zeroday/FG-VD-19-113https://fortiguard.com/zeroday/FG-VD-19-113MISCThird Party Advisory
https://plugins.trac.wordpress.org/changeset/2185438https://plugins.trac.wordpress.org/changeset/2185438MISCThird Party Advisory
https://wordpress.org/plugins/safe-svg/#developershttps://wordpress.org/plugins/safe-svg/#developersMISCRelease Notes Third Party Advisory
https://wpvulndb.com/vulnerabilities/9937https://wpvulndb.com/vulnerabilities/9937MISCThird Party Advisory