Safe Svg@* Security Vulnerabilities and Issues — Safe Svg@* CVE List

Lucene search

10upSafe Svg*

4 matches found

CVE•added 2022/04/18 6:15 p.m.•108 views

CVE-2022-1091

The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending ...

6.1CVSS6AI score0.00444EPSS

Web

CVE•added 2019/11/11 3:15 p.m.•83 views

CVE-2019-18854

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '' substring.

7.5CVSS7.4AI score0.00629EPSS

CVE•added 2019/11/11 3:15 p.m.•80 views

CVE-2019-18855

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.

7.5CVSS7.4AI score0.00629EPSS

CVE•added 2024/11/07 4:15 p.m.•59 views

CVE-2024-8378

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code is only running for paths that call wp_handle_upload, but not for example for code that uses wp_handle_sideload which is often used to upload attachments via raw POST data.

4.8CVSS5.3AI score0.00092EPSS