CVE-2023-6541
15.05.2025, 20:15
The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
| Vendor | Product | Version |
|---|---|---|
| wphelpline | allow_svg | 𝑥 < 1.2.0 |
𝑥
= Vulnerable software versions