cleantalk
Vulnerabilities and Security Researches

Safe SVG, CVE-2022-1091

CVE, Research URL

CVE-2022-1091

Home page URL

Security reports for Safe SVG

Application

Safe SVG

Published on
Apr 18, 2022
Research Description
The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending on further use of uploaded SVG files potentially other XML attacks).
Affected versions
Min -, max 1.9.6.
Status
vulnerable
Previous vulnerability researches
Safe SVG (CVE-2024-8378) , Nov 08, 2024
Safe SVG , Feb 17, 2025
Safe SVG (CVE-2022-1091) , Jun 07, 2024
Safe SVG (CVE-2019-18854) , Jun 07, 2024
Safe SVG (CVE-2023-28426) , Jun 07, 2024
New vulnerability
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease (CVE-2025-3453) , Apr 18, 2025
Site Search 360 (CVE-2025-39530) , Apr 17, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-39589) , Apr 17, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-39590) , Apr 17, 2025
Basic Interactive World Map (CVE-2025-39517) , Apr 17, 2025