CVE-2022-4022

SVG Support 2.5 - 2.5.1 - Insecure Plugin Defaults to Cross-Site Scripting

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged users. Additionally, the embedded JavaScript is also triggered on visiting the image URL, which allows an attacker to execute malicious code in browsers visiting that URL.

El complemento SVG Support para WordPress tiene por defecto configuraciones inseguras en las versiones 2.5 y 2.5.1. Los archivos SVG que contienen javascript malicioso no se sanitizan. Si bien la versión 2.5 agrega la capacidad de sanitizar las imágenes a medida que se cargan, el complemento deshabilita de forma predeterminada la sanitización y no restringe la carga de SVG solo a los administradores. Esto permite a atacantes autenticados, con privilegios de nivel de autor y superiores, cargar archivos SVG maliciosos que los usuarios con mayores privilegios pueden incrustar en publicaciones y páginas. Además, el JavaScript incrustado también se activa al visitar la URL de la imagen, lo que permite a un atacante ejecutar código malicioso en los navegadores que visitan esa URL.

*Credits: Marco Wotschka

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2022-11-16 CVE Reserved
2022-11-16 CVE Published
2025-02-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (2)

URL	Tag	Source
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4022	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2776612%40svg-support%2Ftrunk&old=2672900%40svg-support%2Ftrunk&sfp_email=&sfph_mail=	2023-11-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Benbodhi Search vendor "Benbodhi"		Svg Support Search vendor "Benbodhi" for product "Svg Support"				>= 2.5.0 < 2.5.2 Search vendor "Benbodhi" for product "Svg Support" and version " >= 2.5.0 < 2.5.2"		wordpress		Affected