
44 matches found

RedhatCVE
added 2026/01/09 10:18 a.m. · 6 views

CVE-2019-18854

A Denial Of Service vulnerability exists in the safe-svg aka Safe SVG plugin through 1.9.4 for WordPress, related to unlimited recursion for a '' substring...

CVSS 7.5 · AI score 6.8 · EPSS 0.00629
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-8551

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00629
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-8552

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00629
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-1635

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.3 · EPSS 0.00468
Exploits: 2 · References: 5

RedhatCVE
added 2025/05/23 7:17 a.m. · 8 views

CVE-2024-8378

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code only running for paths that call wp_handle_upload, but not, for example, for code that uses wp_handle_sideload, which is often used to upload attachments via raw POST data...

CVSS 4.8 · AI score 7 · EPSS 0.00158
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 8:10 a.m. · 5 views

CVE-2019-18855

A Denial Of Service vulnerability exists in the safe-svg aka Safe SVG plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes...

CVSS 7.5 · AI score 6.8 · EPSS 0.00629
Exploits: 0 · References: 1

OpenVAS
added 2025/02/05 12:00 a.m. · 6 views

WordPress Safe SVG Plugin < 2.2.6 XSS Vulnerability

CPE: "cpe:/a:safesvgproject:safesvg"

CVSS 4.8 · AI score 7 · EPSS 0.00158
Exploits: 1 · References: 1

OpenVAS
added 2025/02/05 12:00 a.m. · 2 views

WordPress Safe SVG Plugin < 1.9.6 XSS Vulnerability

CPE: "cpe:/a:safesvgproject:safesvg"

AI score 7.2
Exploits: 0 · References: 1

Patchstack
added 2024/11/07 10:37 p.m. · 3 views

WordPress Safe SVG plugin < 2.2.6 - Author+ Cross Site Scripting (XSS) vulnerability

Author+ Cross Site Scripting (XSS) vulnerability discovered by Alexander Concha in WordPress Plugin Safe SVG versions 2.2.6...

CVSS 4.8 · AI score 6.1 · EPSS 0.00158
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2024/11/07 4:15 p.m. · 14 views

CVE-2024-8378

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code only running for paths that call wp_handle_upload, but not, for example, for code that uses wp_handle_sideload, which is often used to upload attachments via raw POST data...

CVSS 4.8 · EPSS 0.00158
Exploits: 1 · References: 1

OSV
added 2024/11/07 4:15 p.m. · 2 views

CVE-2024-8378

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code only running for paths that call wp_handle_upload, but not, for example, for code that uses wp_handle_sideload, which is often used to upload attachments via raw POST data...

CVSS 4.8 · AI score 5.9 · EPSS 0.00158
Exploits: 1 · References: 1

CVE
added 2024/11/07 3:07 p.m. · 101 views

CVE-2024-8378

CVE-2024-8378 relates to the WordPress Safe SVG plugin prior to version 2.2.6. The sanitisation logic only runs for paths that call wp_handle_upload and does not cover code using wp_handle_sideload, which is commonly used to upload attachments via raw POST data. This gap can permit bypass of sani...

CVSS 4.8 · AI score 5.3 · EPSS 0.00158
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/11/07 12:00 a.m. · 3 views

PT-2024-38982 · WordPress · Safe-Svg

Name of the Vulnerable Software and Affected Versions: Safe SVG WordPress plugin versions prior to 2.2.6. Description: The issue arises because the sanitisation code in the Safe SVG WordPress plugin only runs for paths that call wp_handle_upload, but not for code that uses wp_handle_sideload, whic...

CVSS 4.8 · AI score 5.6 · EPSS 0.00158
Exploits: 1 · References: 8

Patchstack
added 2024/11/07 12:00 a.m. · 13 views

WordPress Safe SVG Plugin < 2.2.6 is vulnerable to Cross Site Scripting (XSS)

Software: Safe SVG; Type: Plugin; Vulnerable versions: 2.2.6; Fixed in: 2.2.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8378; Patch priority: Low; CVSS severity: Low (5.9); PSID: 6a85e49dfeba; Credits: Alexander Concha; Required privilege: Author...

CVSS 4.8 · AI score 6.9 · EPSS 0.00158
Exploits: 1 · References: 3 · Affected Software: 1

CNNVD
added 2024/11/07 12:00 a.m. · 1 view

WordPress plugin Safe SVG security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.8 · AI score 6.8 · EPSS 0.00158
Exploits: 1 · References: 1

OpenVAS
added 2023/09/18 12:00 a.m. · 18 views

WordPress Safe SVG Plugin < 1.9.10 Content-Type Bypass Vulnerability

CPE: "cpe:/a:safesvgproject:safesvg"

CVSS 6.1 · AI score 6.3 · EPSS 0.00468
Exploits: 2 · References: 1

OSV
added 2022/04/19 12:00 a.m. · 26 views

GHSA-5H7W-HMXC-99G5 Cross site scripting in safe-svg

The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent mainly XSS, but depending...

CVSS 6.1 · AI score 6 · EPSS 0.00468
Exploits: 2 · References: 5

Github Security Blog
added 2022/04/19 12:00 a.m. · 25 views

Cross site scripting in safe-svg

The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent mainly XSS, but depending...

CVSS 6.1 · AI score 1.6 · EPSS 0.00468
Exploits: 2 · References: 5 · Affected Software: 1

NVD
added 2022/04/18 6:15 p.m. · 15 views

CVE-2022-1091

The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent mainly XSS, but depending...

CVSS 6.1 · EPSS 0.00468
Exploits: 2 · References: 2

OSV
added 2022/04/18 6:15 p.m. · 20 views

CVE-2022-1091

The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent mainly XSS, but depending...

CVSS 6.1 · AI score 6.2
Exploits: 0 · References: 2