10up Safe Svg

4 matches found

CVE
added 2022/04/18 5:10 p.m., 140 views

CVE-2022-1091

The CVE-2022-1091 issue affects the Safe SVG WordPress plugin prior to version 1.9.10. The sanitisation step can be bypassed by spoofing the content-type in a POST request to upload an SVG file, allowing an attacker to perform XSS (and potentially other XML-related attacks depending on the SVG us...

CVSS 6.1, AI score 6, EPSS 0.01161
Web
CVE
added 2024/11/07 3:7 p.m., 131 views

CVE-2024-8378

CVE-2024-8378 relates to the WordPress Safe SVG plugin prior to version 2.2.6. The sanitisation logic only runs for paths that call wp_handle_upload and does not cover code using wp_handle_sideload, which is commonly used to upload attachments via raw POST data. This gap can permit bypass of sani...

CVSS 4.8, AI score 5.3, EPSS 0.00303
CVE
added 2019/11/11 2:36 p.m., 104 views

CVE-2019-18854

The CVE-2019-18854 issue affects the WordPress Safe SVG plugin up to version 1.9.4. The root cause is an unlimited recursion triggered by a specific SVG fragment: , leading to Denial of Service. Multiple sources (WordPress ecosystem advisories and CVE aggregations) confirm the vulnerability exist...

CVSS 7.5, AI score 7.4, EPSS 0.02605
CVE
added 2019/11/11 2:35 p.m., 96 views

CVE-2019-18855

The CVE-2019-18855 issue affects the WordPress Safe SVG plugin (safe-svg) up to version 1.9.4, with a Denial of Service vulnerability arising from handling of potentially unwanted elements or attributes in SVG uploads. Root cause is a DoS condition; affected installations are those running vulner...

CVSS 7.5, AI score 7.4, EPSS 0.02605