Vulnerability Description
The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending on further use of uploaded SVG files potentially other XML attacks).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 10Up | Safe Svg | < 1.9.10 |
Related Weaknesses (CWE)
References
- https://github.com/10up/safe-svg/pull/28PatchThird Party Advisory
- https://wpscan.com/vulnerability/4d12533e-bdb7-411f-bcdf-4c5046db13f3ExploitThird Party Advisory
- https://github.com/10up/safe-svg/pull/28PatchThird Party Advisory
- https://wpscan.com/vulnerability/4d12533e-bdb7-411f-bcdf-4c5046db13f3ExploitThird Party Advisory
FAQ
What is CVE-2022-1091?
CVE-2022-1091 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will ...
How severe is CVE-2022-1091?
CVE-2022-1091 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1091?
Check the references section above for vendor advisories and patch information. Affected products include: 10Up Safe Svg.