3 matches found
CVE-2022-1964
The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2022-1964 Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG
The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2022-1964
The CVE concerns the WordPress Easy SVG Support plugin prior to v3.3.0, where uploaded SVG files are not properly sanitised. This allows users with a role as low as Author to upload an SVG containing XSS payloads, enabling stored cross-site scripting via SVG uploads. Affected software: WordPress ...