CVE-2022-1562

CVE-2022-1562: Enable SVG < 1.4.0 - Author+ Stored Cross Site Scripting via SVG

Vendor Unknown
Product Enable SVG
Weakness CWE-79 · XSS
Published May 30, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads

Key dates

02Disclosure timeline

May 30, 2022 CVE published
August 3, 2024 Record updated