WordPress · Svg Support · CVE-2022-1755
**Name of the Vulnerable Software and Affected Versions**
SVG Support WordPress plugin versions prior to 2.5
**Description**
The issue arises from the improper handling of SVG files added via a URL, potentially allowing users with a role as low as author to perform Cross-Site Scripting attacks.
**Recommendations**
For versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting the ability to add SVG files via URL to higher-privileged users until the update can be applied.