cleantalk
Vulnerabilities and Security Researches

Safe SVG, CVE-2024-8378

CVE, Research URL

CVE-2024-8378

Home page URL

Security reports for Safe SVG

Application

Safe SVG

Published on
Nov 07, 2024
Research Description
The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code is only running for paths that call wp_handle_upload, but not for example for code that uses wp_handle_sideload which is often used to upload attachments via raw POST data.
Affected versions
Min -, max 2.2.6.
Status
vulnerable
Previous vulnerability researches
Safe SVG (CVE-2024-8378) , Nov 08, 2024
Safe SVG , Feb 17, 2025
Safe SVG (CVE-2022-1091) , Jun 07, 2024
Safe SVG (CVE-2019-18854) , Jun 07, 2024
Safe SVG (CVE-2023-28426) , Jun 07, 2024
New vulnerability
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease (CVE-2025-3453) , Apr 18, 2025
Site Search 360 (CVE-2025-39530) , Apr 17, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-39589) , Apr 17, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-39590) , Apr 17, 2025
Basic Interactive World Map (CVE-2025-39517) , Apr 17, 2025