CVE-2022-1939

Published: Jun 20, 2022Modified: Jun 17, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to

Affected (1)

Products: Allow Svg Files Project: Allow Svg Files

Allow Svg Files Project

1 product

Allow Svg Files

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Allow Svg Files Project Allow Svg Files	Before 1.1

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://wpscan.com/vulnerability/4d7b62e1-558b-4504-a6e2-78246a8b554f

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/4d7b62e1-558b-4504-a6e2-78246a8b554f

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.