CVE-2022-1755

Name of the Vulnerable Software and Affected Versions SVG Support WordPress plugin versions prior to 2.5

Description The issue arises from the improper handling of SVG files added via a URL, potentially allowing users with a role as low as author to perform Cross-Site Scripting attacks.

Recommendations For versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting the ability to add SVG files via URL to higher-privileged users until the update can be applied.