14 matches found
CVE-2019-18854
A Denial Of Service vulnerability exists in the safe-svg aka Safe SVG plugin through 1.9.4 for WordPress, related to unlimited recursion for a '' substring...
EUVD-2019-8551
Malware in sbrugna...
EUVD-2019-8552
Malware in sbrugna...
EUVD-2022-1635
Malicious code in bioql PyPI...
CVE-2019-18855
A Denial Of Service vulnerability exists in the safe-svg aka Safe SVG plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes...
WordPress Safe SVG Plugin < 2.2.6 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:safesvgproject:safesvg"; if(description)...
WordPress Safe SVG Plugin < 1.9.6 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:safesvgproject:safesvg"; if(description)...
WordPress Safe SVG plugin < 2.2.6 - Author+ Cross Site Scripting (XSS) vulnerability
Author+ Cross Site Scripting (XSS) vulnerability discovered by Alexander Concha in WordPress Plugin Safe SVG versions 2.2.6...
CVE-2024-8378
The Safe SVG WordPress plugin before 2.2.6 runs its sanitisation code only for paths that call wp_handle_upload, but not, for example, for code that uses wp_handle_sideload, which is often used to upload attachments via raw POST data...
PT-2024-38982 · WordPress · Safe-Svg
Name of the Vulnerable Software and Affected Versions: Safe SVG WordPress plugin versions prior to 2.2.6 Description: The issue arises because the sanitisation code in the Safe SVG WordPress plugin only runs for paths that call wp_handle_upload, but not for code that uses wp_handle_sideload, whic...
GHSA-5H7W-HMXC-99G5 Cross site scripting in safe-svg
The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent, mainly XSS, but depending...
WordPress plugin sanitisation step of the Safe SVG cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2019-15703 · Safe-Svg · Safe-Svg
Name of the Vulnerable Software and Affected Versions: safe-svg plugin versions prior to 1.9.5 Description: A Denial Of Service issue exists, related to potentially unwanted elements or attributes. Recommendations: For versions prior to 1.9.5, update to version 1.9.5 or later to resolve the issue...
PT-2019-15702 · Safe-Svg · Safe-Svg
Name of the Vulnerable Software and Affected Versions: safe-svg plugin versions through 1.9.4 Description: A Denial Of Service issue exists, related to unlimited recursion for a '' substring. Recommendations: For versions through 1.9.4, update to a version later than 1.9.4 to resolve the issue...