CVE-2024-8378
- EPSS 0.08%
- Published 07.11.2024 16:15:18
- Last modified 17.05.2025 01:45:00
The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code is only running for paths that call wp_handle_upload, but not for example for code that uses wp_handle_sideload which is often used to upload attachments via raw POST data.
CVE-2022-1091
- EPSS 0.44%
- Published 18.04.2022 18:15:09
- Last modified 21.11.2024 06:40:00
The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this ...
CVE-2019-18854
- EPSS 0.63%
- Published 11.11.2019 15:15:12
- Last modified 21.11.2024 04:33:43
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18855
- EPSS 0.63%
- Published 11.11.2019 15:15:12
- Last modified 21.11.2024 04:33:43
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.