← Back

Allow Svg Files Project

allow_svg_files_project

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Allow Svg Files
allow_svg_files
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-2299
1Allow Svg Files Project
1Allow Svg Files
Jun 17, 2026
Jul 25, 2022
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads
CVE-2022-1939
1Allow Svg Files Project
1Allow Svg Files
Jun 17, 2026
Jun 20, 2022
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to