12 matches found

RedhatCVE
added 2025/05/17 9:4 p.m. · 11 views

CVE-2023-6541

The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

6.1 CVSS · 5.9 AI score · 0.00319 EPSS
Exploits 2 · References 3

Vulnrichment
added 2025/05/15 8:9 p.m. · 8 views

CVE-2023-6541 Allow SVG < 1.2.0 - Author+ Stored XSS via SVG

The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

6.1 AI score · 0.00319 EPSS
Exploits 2 · References 1

Positive Technologies
added 2025/05/15 12:0 a.m. · 6 views

PT-2025-21373 · WordPress · Allow Svg

Name of the Vulnerable Software and Affected Versions: Allow SVG WordPress plugin versions prior to 1.2.0. Description: The issue concerns the failure to sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

6.1 CVSS · 9.1 AI score · 0.00319 EPSS
Exploits 2 · References 4

CNNVD
added 2025/05/15 12:0 a.m. · 3 views

WordPress plugin Allow SVG security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

6.1 CVSS · 8.1 AI score · 0.00319 EPSS
Exploits 2 · References 1

Patchstack
added 2024/01/29 12:0 a.m. · 9 views

WordPress Allow SVG Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Allow SVG Type Plugin Vulnerable versions 1.2.0 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6541 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1ff41df5c9e Credits Bob Matyas Required privilege...

5.8 AI score · 0.00319 EPSS
Exploits 2 · References 3 · Affected Software 1

ATTACKERKB
added 2022/07/25 1:15 p.m. · 1 views

CVE-2022-2299

The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.4 CVSS · 5.9 AI score · 0.00495 EPSS
Exploits 1 · References 2

OSV
added 2022/07/25 1:15 p.m. · 1 views

CVE-2022-2299

The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.4 CVSS · 5.8 AI score · 0.00495 EPSS
Exploits 1 · References 1

NVD
added 2022/07/25 1:15 p.m. · 19 views

CVE-2022-2299

The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.4 CVSS · 0.00495 EPSS
Exploits 1 · References 1

CVE
added 2022/07/25 12:48 p.m. · 58 views

CVE-2022-2299

The CVE-2022-2299 entry concerns the WordPress plugin Allow SVG Files (

5.4 CVSS · 5.3 AI score · 0.00495 EPSS
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2022/07/25 12:0 a.m. · 2 views

WordPress plugin Allow SVG Files cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

5.4 CVSS · 5.4 AI score · 0.00495 EPSS
Exploits 1 · References 2

Patchstack
added 2022/07/04 12:0 a.m. · 36 views

WordPress Allow SVG Files plugin <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Luan Pedersini in WordPress Allow SVG Files plugin versions = 1.1. Solution Deactivate and delete. This plugin has been closed as of July 1, 2022 and is not available for download. This closure is temporary, pending a full...

5.4 CVSS · 2.4 AI score · 0.00495 EPSS
Exploits 1 · References 1 · Affected Software 1

NVD
added 2022/06/20 11:15 a.m. · 22 views

CVE-2022-1939

The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to...

7.2 CVSS · 0.01403 EPSS
Exploits 1 · References 1