WordPress Plugin Vulnerabilities

Safe SVG < 1.9.10 - SVG Sanitisation Bypass

Description

The sanitisation step of the plugin can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending on further use of uploaded SVG files potentially other XML attacks).

Proof of Concept

Affects Plugins

Plugin icon
safe-svg
Fixed in 1.9.10

References

CVE
CVE-2022-1091
URL
https://github.com/10up/safe-svg/pull/28

Miscellaneous

Original Researcher
David Hamann
Submitter
David Hamann
Submitter website
https://davidhamann.de
Submitter twitter
d_hamann
Verified
Yes
WPVDB ID
4d12533e-bdb7-411f-bcdf-4c5046db13f3

Timeline

Publicly Published
2022-03-25 (about 3 years ago)
Added
2022-03-25 (about 3 years ago)
Last Updated
2022-04-11 (about 3 years ago)

Other

Published
Title
Published
2022-08-01
Title
Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction
Published
2021-09-13
Title
WooCommerce Multi Currency < 2.1.18 - Authenticated Product Price Change
Published
2015-02-22
Title
WP Ultimate CSV Importer <= 3.6.74 - Database Table Export
Published
2019-03-26
Title
Nested Pages <= 3.0.7 - Post Edit Bypass
Published
2014-09-22
Title
Wordfence 5.2.3 - Banned IP Functionality Bypass