Every CVE whose affected-product data names Benbodhi Svg Support, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-4022 — CVSS 6.4 (medium): The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are…
CVE-2024-10222 — CVSS 6.4 (medium): The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and…
CVE-2022-1755 — CVSS 5.4 (medium): The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as…
CVE-2021-24686 — CVSS 4.8 (medium): The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute…