CVE-2022-1939

Summary

The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to

Affected Software

VendorProductVersion RangeStatus
UnknownAllow svg files1.1 < 1.1affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

References