CVE-2022-36285
HIGHWordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Auth ...
Title source: llmDescription
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
References (2)
Core 2
Core References
Product, Release Notes x_refsource_confirm
https://wordpress.org/plugins/uploading-svgwebp-and-ico-files/#developers
Scores
CVSS v3
7.2
EPSS
0.0176
EPSS Percentile
82.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-434
Status
published
Products (2)
dmitrylitvinov/Uploading SVG, WEBP and ICO files (WordPress plugin)
<= 1.0.1 - 1.0.1
uploading_svg\,_webp_and_ico_files_project/uploading_svg\,_webp_and_ico_files
< 1.0.1
Published
Aug 23, 2022
Tracked Since
Feb 18, 2026