2 matches found
CVE-2022-1091
The CVE-2022-1091 issue affects the Safe SVG WordPress plugin prior to version 1.9.10. The sanitisation step can be bypassed by spoofing the content-type in a POST request to upload an SVG file, allowing an attacker to perform XSS (and potentially other XML-related attacks depending on the SVG us...
CVE-2022-1091 Safe SVG < 1.9.10 - SVG Sanitisation Bypass
The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent mainly XSS, but depending...