QwikSec

Security Database

CVE

CWE

Training

CVE-2022-1091

Published: Apr 18, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending on further use of uploaded SVG files potentially other XML attacks).

Vendor	Product	Versions
Unknown	Safe SVG	affected `1.9.10 - < 1.9.10`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/4d12533e-bdb7-411f-bcdf-4c5046db13f3

x_refsource_MISC

https://github.com/10up/safe-svg/pull/28

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.