CVE-2022-1755

CVE-2022-1755: SVG Support < 2.5 - Author+ Stored Cross-Site Scripting

Vendor Unknown
Product SVG Support
Weakness CWE-79 · XSS
Published September 26, 2022
Last update May 21, 2025

CVSS base score

What the vulnerability does

01Description

The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks

Key dates

02Disclosure timeline

September 26, 2022 CVE published
May 21, 2025 Record updated