Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for SVG Support by benbodhi

    CVE-2026-48973 (GCVE-0-2026-48973)

    Vulnerability from nvd – Published: 2026-05-27 14:28 – Updated: 2026-05-27 15:34 X_Open Source
    VLAI
    Title
    WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Benbodhi SVG Support Affected: n/a , ≤ 2.5.14 (custom)
    Create a notification for this product.
    Credits
    Steven Julian | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48973",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T15:34:00.476777Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T15:34:08.377Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "svg-support",
              "product": "SVG Support",
              "vendor": "Benbodhi",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.14",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Steven Julian | Patchstack Bug Bounty Program"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects SVG Support: from n/a through 2.5.14.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects SVG Support: from n/a through 2.5.14."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T14:28:59.191Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/wordpress/plugin/svg-support/vulnerability/wordpress-svg-support-plugin-2-5-14-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "WordPress SVG Support plugin \u003c= 2.5.14 - Broken Access Control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2026-48973",
        "datePublished": "2026-05-27T14:28:59.191Z",
        "dateReserved": "2026-05-26T19:56:06.748Z",
        "dateUpdated": "2026-05-27T15:34:08.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-10222 (GCVE-0-2024-10222)

    Vulnerability from nvd – Published: 2025-02-21 13:41 – Updated: 2026-04-08 16:54
    VLAI
    Title
    SVG Support <= 2.5.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
    Summary
    The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to upload SVG files can be extended to authors.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    benbodhi SVG Support Affected: 0 , ≤ 2.5.10 (semver)
    Create a notification for this product.
    Credits
    Francesco Carlucci
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10222",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-21T17:16:26.517305Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-21T17:16:47.682Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SVG Support",
              "vendor": "benbodhi",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Francesco Carlucci"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to upload SVG files can be extended to authors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:54:34.119Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5852f08d-0506-464e-afd1-c625e4034e1d?source=cve"
            },
            {
              "url": "https://wordpress.org/plugins/svg-support/#developers"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3244181/"
            },
            {
              "url": "https://github.com/benbodhi/svg-support/commit/eee3e13b650511c9cc9ee0746be485d031c7c072"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-21T00:37:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "SVG Support \u003c= 2.5.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-10222",
        "datePublished": "2025-02-21T13:41:28.666Z",
        "dateReserved": "2024-10-21T20:18:04.343Z",
        "dateUpdated": "2026-04-08T16:54:34.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6708 (GCVE-0-2023-6708)

    Vulnerability from nvd – Published: 2024-07-18 02:38 – Updated: 2026-04-08 17:00
    VLAI
    Title
    SVG Support <= 2.5.7 - Authenticated (Author+) Cross-Site Scripting via SVG
    Summary
    The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping, even when the 'Sanitize SVG while uploading' feature is enabled. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that successful exploitation of this vulnerability requires the administrator to allow author-level users to upload SVG files. As of 2.5.6, SVG sanitization can still be bypassed by supplying a content-type other than image/svg+xml.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    benbodhi SVG Support Affected: 0 , ≤ 2.5.7 (semver)
    Create a notification for this product.
    Credits
    Nathanial Lattimer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6708",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-18T13:36:31.362090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-18T13:36:40.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:14.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72bcfd2a-6803-4073-8fa9-62bcf0a10571?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/svg-support/trunk/svg-support.php#L110"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/svg-support/trunk/functions/attachment.php#L235"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/svg-support/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SVG Support",
              "vendor": "benbodhi",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nathanial Lattimer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping, even when the \u0027Sanitize SVG while uploading\u0027 feature is enabled. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that successful exploitation of this vulnerability requires the administrator to allow author-level users to upload SVG files. As of 2.5.6, SVG sanitization can still be bypassed by supplying a content-type other than image/svg+xml."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:00:49.641Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72bcfd2a-6803-4073-8fa9-62bcf0a10571?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/svg-support/trunk/svg-support.php#L110"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/svg-support/trunk/functions/attachment.php#L235"
            },
            {
              "url": "https://wordpress.org/plugins/svg-support/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3133760%40svg-support\u0026new=3133760%40svg-support\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-17T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "SVG Support \u003c= 2.5.7 - Authenticated (Author+) Cross-Site Scripting via SVG"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-6708",
        "datePublished": "2024-07-18T02:38:33.871Z",
        "dateReserved": "2023-12-12T01:41:59.273Z",
        "dateUpdated": "2026-04-08T17:00:49.641Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-4022 (GCVE-0-2022-4022)

    Vulnerability from nvd – Published: 2022-11-16 13:23 – Updated: 2025-02-07 20:32
    VLAI
    Summary
    The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged users. Additionally, the embedded JavaScript is also triggered on visiting the image URL, which allows an attacker to execute malicious code in browsers visiting that URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    benbodhi SVG Support Affected: 2.5
    Affected: 2.5.1
    Create a notification for this product.
    Credits
    Marco Wotschka
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.103Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2776612%40svg-support%2Ftrunk\u0026old=2672900%40svg-support%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4022"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4022",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T20:32:43.023047Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-07T20:32:49.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SVG Support",
              "vendor": "benbodhi",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.5"
                },
                {
                  "status": "affected",
                  "version": "2.5.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marco Wotschka"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged users. Additionally, the embedded JavaScript is also triggered on visiting the image URL, which allows an attacker to execute malicious code in browsers visiting that URL."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-16T13:23:44.784Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2776612%40svg-support%2Ftrunk\u0026old=2672900%40svg-support%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
            },
            {
              "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4022"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-08-29T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2022-08-29T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2022-11-16T00:00:00.000Z",
              "value": "Disclosed"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2022-4022",
        "datePublished": "2022-11-16T13:23:44.784Z",
        "dateReserved": "2022-11-16T13:18:06.146Z",
        "dateUpdated": "2025-02-07T20:32:49.213Z",
        "requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-48973 (GCVE-0-2026-48973)

    Vulnerability from cvelistv5 – Published: 2026-05-27 14:28 – Updated: 2026-05-27 15:34 X_Open Source
    VLAI
    Title
    WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Benbodhi SVG Support Affected: n/a , ≤ 2.5.14 (custom)
    Create a notification for this product.
    Credits
    Steven Julian | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48973",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T15:34:00.476777Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T15:34:08.377Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "svg-support",
              "product": "SVG Support",
              "vendor": "Benbodhi",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.14",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Steven Julian | Patchstack Bug Bounty Program"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects SVG Support: from n/a through 2.5.14.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects SVG Support: from n/a through 2.5.14."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T14:28:59.191Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/wordpress/plugin/svg-support/vulnerability/wordpress-svg-support-plugin-2-5-14-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "WordPress SVG Support plugin \u003c= 2.5.14 - Broken Access Control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2026-48973",
        "datePublished": "2026-05-27T14:28:59.191Z",
        "dateReserved": "2026-05-26T19:56:06.748Z",
        "dateUpdated": "2026-05-27T15:34:08.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-10222 (GCVE-0-2024-10222)

    Vulnerability from cvelistv5 – Published: 2025-02-21 13:41 – Updated: 2026-04-08 16:54
    VLAI
    Title
    SVG Support <= 2.5.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
    Summary
    The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to upload SVG files can be extended to authors.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    benbodhi SVG Support Affected: 0 , ≤ 2.5.10 (semver)
    Create a notification for this product.
    Credits
    Francesco Carlucci
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10222",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-21T17:16:26.517305Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-21T17:16:47.682Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SVG Support",
              "vendor": "benbodhi",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Francesco Carlucci"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to upload SVG files can be extended to authors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:54:34.119Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5852f08d-0506-464e-afd1-c625e4034e1d?source=cve"
            },
            {
              "url": "https://wordpress.org/plugins/svg-support/#developers"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3244181/"
            },
            {
              "url": "https://github.com/benbodhi/svg-support/commit/eee3e13b650511c9cc9ee0746be485d031c7c072"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-21T00:37:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "SVG Support \u003c= 2.5.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-10222",
        "datePublished": "2025-02-21T13:41:28.666Z",
        "dateReserved": "2024-10-21T20:18:04.343Z",
        "dateUpdated": "2026-04-08T16:54:34.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6708 (GCVE-0-2023-6708)

    Vulnerability from cvelistv5 – Published: 2024-07-18 02:38 – Updated: 2026-04-08 17:00
    VLAI
    Title
    SVG Support <= 2.5.7 - Authenticated (Author+) Cross-Site Scripting via SVG
    Summary
    The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping, even when the 'Sanitize SVG while uploading' feature is enabled. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that successful exploitation of this vulnerability requires the administrator to allow author-level users to upload SVG files. As of 2.5.6, SVG sanitization can still be bypassed by supplying a content-type other than image/svg+xml.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    benbodhi SVG Support Affected: 0 , ≤ 2.5.7 (semver)
    Create a notification for this product.
    Credits
    Nathanial Lattimer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6708",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-18T13:36:31.362090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-18T13:36:40.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:35:14.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72bcfd2a-6803-4073-8fa9-62bcf0a10571?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/svg-support/trunk/svg-support.php#L110"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/svg-support/trunk/functions/attachment.php#L235"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/svg-support/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SVG Support",
              "vendor": "benbodhi",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nathanial Lattimer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping, even when the \u0027Sanitize SVG while uploading\u0027 feature is enabled. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that successful exploitation of this vulnerability requires the administrator to allow author-level users to upload SVG files. As of 2.5.6, SVG sanitization can still be bypassed by supplying a content-type other than image/svg+xml."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:00:49.641Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72bcfd2a-6803-4073-8fa9-62bcf0a10571?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/svg-support/trunk/svg-support.php#L110"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/svg-support/trunk/functions/attachment.php#L235"
            },
            {
              "url": "https://wordpress.org/plugins/svg-support/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3133760%40svg-support\u0026new=3133760%40svg-support\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-17T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "SVG Support \u003c= 2.5.7 - Authenticated (Author+) Cross-Site Scripting via SVG"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-6708",
        "datePublished": "2024-07-18T02:38:33.871Z",
        "dateReserved": "2023-12-12T01:41:59.273Z",
        "dateUpdated": "2026-04-08T17:00:49.641Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-4022 (GCVE-0-2022-4022)

    Vulnerability from cvelistv5 – Published: 2022-11-16 13:23 – Updated: 2025-02-07 20:32
    VLAI
    Summary
    The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged users. Additionally, the embedded JavaScript is also triggered on visiting the image URL, which allows an attacker to execute malicious code in browsers visiting that URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    benbodhi SVG Support Affected: 2.5
    Affected: 2.5.1
    Create a notification for this product.
    Credits
    Marco Wotschka
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.103Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2776612%40svg-support%2Ftrunk\u0026old=2672900%40svg-support%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4022"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4022",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T20:32:43.023047Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-07T20:32:49.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SVG Support",
              "vendor": "benbodhi",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.5"
                },
                {
                  "status": "affected",
                  "version": "2.5.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marco Wotschka"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged users. Additionally, the embedded JavaScript is also triggered on visiting the image URL, which allows an attacker to execute malicious code in browsers visiting that URL."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-16T13:23:44.784Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2776612%40svg-support%2Ftrunk\u0026old=2672900%40svg-support%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
            },
            {
              "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4022"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-08-29T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2022-08-29T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2022-11-16T00:00:00.000Z",
              "value": "Disclosed"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2022-4022",
        "datePublished": "2022-11-16T13:23:44.784Z",
        "dateReserved": "2022-11-16T13:18:06.146Z",
        "dateUpdated": "2025-02-07T20:32:49.213Z",
        "requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }