2 matches found
CVE-2022-4022
The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...
CVE-2022-4022
The CVE-2022-4022 entry concerns the WordPress SVG Support plugin (versions 2.5–2.5.1). The root cause is insecure default settings that do not sanitize SVG files containing JavaScript, permitting authenticated users with author-level privileges or higher to upload malicious SVGs that can be embe...