CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-1562

The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.0%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

Products affected by CVE-2022-1562

Room 34 Creative Services » Enable Svg » Version: 1.0.0

cpe:2.3:a:room_34_creative_services:enable_svg:1.0.0
Room 34 Creative Services » Enable Svg » Version: 1.1.0

cpe:2.3:a:room_34_creative_services:enable_svg:1.1.0
Room 34 Creative Services » Enable Svg » Version: 1.1.1

cpe:2.3:a:room_34_creative_services:enable_svg:1.1.1
Room 34 Creative Services » Enable Svg » Version: 1.2.0

cpe:2.3:a:room_34_creative_services:enable_svg:1.2.0
Room 34 Creative Services » Enable Svg » Version: 1.2.1

cpe:2.3:a:room_34_creative_services:enable_svg:1.2.1
Room 34 Creative Services » Enable Svg » Version: 1.3.0

cpe:2.3:a:room_34_creative_services:enable_svg:1.3.0
Room 34 Creative Services » Enable Svg » Version: 1.3.1

cpe:2.3:a:room_34_creative_services:enable_svg:1.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-1562

Products

Pricing

Contact Us