CVE-2022-1091

CVE-2022-1091: Safe SVG < 1.9.10 - SVG Sanitisation Bypass

Vendor Unknown

Product Safe SVG

Weakness CWE-79 · XSS

Published April 18, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending on further use of uploaded SVG files potentially other XML attacks).

Key dates

02Disclosure timeline

April 18, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1091 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-2275 Bdtask G-Prescription Gynaecology & OBS Consultation Software OBS Patient/Gynee Prescription cross site scripting CVE-2025-23792 WordPress Passwordless WP – Login with your glance or fingerprint Plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-6463 SourceCodester User Registration and Login System add-user.php cross site scripting CVE-2022-4876 Kaltura mwEmbed DefaultSettings.php cross site scripting CVE-2026-4969 code-projects Social Networking Site Alert home.php cross site scripting