CVE-2022-1939
Allow SVG Files < 1.1 - Admin+ Arbitrary File Upload
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
20 Jun 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to
Affected products
Unknown · Allow svg filesWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →