CVE-2022-1964
The CVE concerns the WordPress Easy SVG Support plugin prior to v3.3.0, where uploaded SVG files are not properly sanitised. This allows users with a role as low as Author to upload an SVG containing XSS payloads, enabling stored cross-site scripting via SVG uploads. Affected software: WordPress ...