CVE-2019-18854
HIGH
Safe SVG < 1.9.4 - Denial of Service via Uncontrolled Recursion in xlink:href Attribute
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
References (4)
Core References
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9937
Third Party Advisory x_refsource_misc
https://fortiguard.com/zeroday/FG-VD-19-113
Third Party Advisory x_refsource_misc
https://plugins.trac.wordpress.org/changeset/2185438
Release Notes, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/safe-svg/#developers
Scores
CVSS v3
7.5
EPSS
0.0261
EPSS Percentile
83.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-674
Status
published
Products (1)
10up/safe_svg
< 1.9.4
Published
Nov 11, 2019
Tracked Since
Feb 18, 2026