
CVE-2022-1091 – Safe SVG < 1.9.10 - SVG Sanitisation Bypass
https://notcve.org/view.php?id=CVE-2022-1091
25 Mar 2022 — The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending on further use of uploaded SVG files potentially other XML attacks). • https://github.com/10up/safe-svg/pull/28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-18855 – Safe SVG <= 1.9.4 - Denial of Service
https://notcve.org/view.php?id=CVE-2019-18855
05 Nov 2019 — A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. • https://fortiguard.com/zeroday/FG-VD-19-113 • CWE-400: Uncontrolled Resource Consumption

CVE-2019-18854 – Safe SVG <= 1.9.4 - Denial of Service
https://notcve.org/view.php?id=CVE-2019-18854
05 Nov 2019 — A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring. • https://fortiguard.com/zeroday/FG-VD-19-113 • CWE-400: Uncontrolled Resource Consumption • CWE-674: Uncontrolled Recursion