2 matches found
CVE-2022-1091
The CVE-2022-1091 issue affects the Safe SVG WordPress plugin prior to version 1.9.10. The sanitisation step can be bypassed by spoofing the content-type in a POST request to upload an SVG file, allowing an attacker to perform XSS (and potentially other XML-related attacks depending on the SVG us...
CVE-2024-8378
CVE-2024-8378 relates to the WordPress Safe SVG plugin prior to version 2.2.6. The sanitisation logic only runs for paths that call wp_handle_upload and does not cover code using wp_handle_sideload, which is commonly used to upload attachments via raw POST data. This gap can permit bypass of sani...