The plugin does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.
1. Upload an SVG file with the following contents.
2. View the SVG file on the frontend and see the alerts.
CPE

Name | Operator | Version |
---|---|---|
enable-svg-webp-ico-upload | eq | * |
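
The missing control is sanitization of SVG content at upload time. The following Python example is added here and is not the plugin's code or part of the original advisory; the allow-list, the name `sanitize_svg` and the sample file are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Hypothetical allow-list of passive SVG elements; anything else is dropped.
ALLOWED_TAGS = {"svg", "g", "path", "rect", "circle", "ellipse", "line",
                "polyline", "polygon", "text", "tspan", "title", "desc", "defs",
                "lineargradient", "radialgradient", "stop", "clippath", "use"}
URL_ATTRS = {"href", "src"}          # also matches xlink:href after prefix stripping
SVG_NS = "http://www.w3.org/2000/svg"

# Constructed sample upload (not the file from the advisory).
SAMPLE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
          b'<script>alert(2)</script><rect width="5" height="5" fill="red"/></svg>')

def _local(name):
    """Strip the '{namespace}' prefix ElementTree puts on names."""
    return name.rsplit("}", 1)[-1].lower()

def sanitize_svg(data: bytes) -> bytes:
    """Return the SVG with active content removed; raise ValueError if rejected."""
    # Refuse DTDs outright: they allow entity tricks and images do not need them.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        raise ValueError("DOCTYPE/ENTITY declarations are not accepted")
    try:
        root = ET.fromstring(data)   # comments and processing instructions are dropped
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if _local(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    for parent in list(root.iter()):
        for child in list(parent):
            if _local(child.tag) not in ALLOWED_TAGS:    # script, foreignObject, a, ...
                parent.remove(child)
    for el in root.iter():
        for attr in list(el.attrib):
            name = _local(attr)
            value = re.sub(r"[\s\x00-\x1f]+", "", el.attrib[attr]).lower()
            if name.startswith("on"):                     # onload, onclick, ...
                del el.attrib[attr]
            elif name in URL_ATTRS and not value.startswith("#"):
                del el.attrib[attr]                       # keep same-document refs only
            elif name == "style" and ("url(" in value or "expression" in value):
                del el.attrib[attr]
    ET.register_namespace("", SVG_NS)                     # serialize without ns0: prefixes
    return ET.tostring(root)

if __name__ == "__main__":
    print(sanitize_svg(SAMPLE).decode())
```

Serving uploaded SVGs with `Content-Disposition: attachment` or a restrictive `Content-Security-Policy` header limits the impact if a file slips past sanitization.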