Allow Svg Files

allow_svg_files

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-2299 1Allow Svg Files Project 1Allow Svg Files Jun 17, 2026 Jul 25, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads
CVE-2022-1939 1Allow Svg Files Project 1Allow Svg Files Jun 17, 2026 Jun 20, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to