Vulnerability Details CVE-2022-2299
The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.2%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2022-2299
- cpe:2.3:a:allow_svg_files_project:allow_svg_files:1.0
- cpe:2.3:a:allow_svg_files_project:allow_svg_files:1.1