CVE-2022-1964

CVE-2022-1964: Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG

Vendor Unknown
Product Easy SVG Support
Weakness CWE-79 · XSS
Published June 27, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads

Key dates

02Disclosure timeline

June 27, 2022 CVE published
August 3, 2024 Record updated