Exploit for WP SVG Images < 3.4 - Authenticated (author+) Stored XSS via SVG CVE-2021-24386

Name: Exploit for WP SVG Images < 3.4 - Authenticated (author+) Stored XSS via SVG CVE-2021-24386
Rating: 5 (320 reviews)

2021-06-14 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:E9B48B19-14CC-41AD-A029-F7F9AE236E4E
As an author, upload a malicious SVG and then access it directly (ie https://example.com/wp-content/uploads/2021/06/xss.svg) to trigger the XSS