3 matches found
PT-2023-29272 · WordPress · Uploading Svg
Name of the Vulnerable Software and Affected Versions: Uploading SVG, WEBP and ICO files WordPress plugin versions 1.2.1 and earlier Description: The issue concerns the failure to sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containin...
CVE-2022-4022
The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...
librsvg2 -- multiple vulnerabilities
Librsvg2 developers reports: Backport the following fixes from 2.46.x: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an...