Vulnerability Details CVE-2022-1939
The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.6%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
Products affected by CVE-2022-1939
-
cpe:2.3:a:allow_svg_files_project:allow_svg_files:1.0