PT-2024-38982 · WordPress · Safe-Svg
Author: Alexander Concha (+1)
Published: 2024-11-07 · Updated: 2025-05-17
CVE-2024-8378
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Safe SVG WordPress plugin versions prior to 2.2.6
Description: The sanitisation code in the Safe SVG WordPress plugin only runs on upload paths that call wp_handle_upload(); it does not run for code that uses wp_handle_sideload(), which is commonly used to create attachments from raw POST data. SVG files that enter through the sideload path therefore bypass sanitisation, which can lead to security risks including cross-site scripting (XSS).
Recommendations: For Safe SVG WordPress plugin versions prior to 2.2.6, upgrade to version 2.2.6 or later to mitigate the risks associated with this issue. As a temporary workaround, consider restricting the use of wp_handle_sideload() until the plugin is updated.
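The gap described above is a hook-coverage problem: WordPress fires a separate prefilter for each upload path, and a sanitiser registered on only one of them is skipped by the other. The following must-use plugin is an added example, not code from the Safe SVG plugin or this advisory, showing the defensive pattern of registering the same SVG check on both the wp_handle_upload_prefilter and wp_handle_sideload_prefilter filters (both are real WordPress filters applied by _wp_handle_upload()) and failing closed when an SVG cannot be sanitised, which also covers the "restrict wp_handle_sideload()" workaround from the recommendations. The sanitiser itself, example_sanitize_svg_string(), is a deliberately narrow hypothetical allowlist written for this example; a production deployment should use a maintained allowlist-based SVG sanitiser library instead.

```php
<?php
/**
 * Added example (not Safe SVG's own code): sanitise SVG files on BOTH
 * WordPress upload paths. Safe SVG < 2.2.6 only hooked the
 * 'wp_handle_upload_prefilter' filter, so files that arrived through
 * wp_handle_sideload() were never sanitised. Drop this into wp-content/mu-plugins/.
 */

if ( ! function_exists( 'add_filter' ) ) {
    return; // Not running inside WordPress.
}

// Hypothetical, intentionally small allowlist of SVG elements and attributes.
const EXAMPLE_SVG_NS             = 'http://www.w3.org/2000/svg';
const EXAMPLE_SVG_ALLOWED_ELEMS  = [ 'svg', 'g', 'path', 'rect', 'circle', 'ellipse',
                                     'line', 'polyline', 'polygon', 'title', 'desc' ];
const EXAMPLE_SVG_ALLOWED_ATTRS  = [ 'xmlns', 'viewBox', 'width', 'height', 'd', 'fill',
                                     'stroke', 'stroke-width', 'x', 'y', 'cx', 'cy', 'r',
                                     'rx', 'ry', 'x1', 'y1', 'x2', 'y2', 'points',
                                     'transform', 'id', 'class' ];

/**
 * Return a sanitised SVG document, or null if the input must be rejected.
 * Allowlist approach: anything not explicitly permitted is removed.
 */
function example_sanitize_svg_string( string $svg ): ?string {
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch external resources while parsing.
    $prev = libxml_use_internal_errors( true );
    $ok   = $doc->loadXML( $svg, LIBXML_NONET );
    libxml_clear_errors();
    libxml_use_internal_errors( $prev );

    if ( ! $ok || $doc->documentElement === null ) {
        return null; // Not well-formed XML.
    }
    if ( $doc->doctype !== null ) {
        return null; // Reject DOCTYPEs outright (no entity declarations allowed).
    }
    $root = $doc->documentElement;
    if ( $root->namespaceURI !== EXAMPLE_SVG_NS || $root->localName !== 'svg' ) {
        return null; // Root must be an <svg> in the SVG namespace.
    }

    // Snapshot the element list first; removing nodes while iterating a live list is unsafe.
    $xpath    = new DOMXPath( $doc );
    $elements = iterator_to_array( $xpath->query( '//*' ) );

    foreach ( $elements as $el ) {
        if ( $el->parentNode === null ) {
            continue; // Already removed along with a disallowed ancestor.
        }
        $allowedElem = $el->namespaceURI === EXAMPLE_SVG_NS
            && in_array( $el->localName, EXAMPLE_SVG_ALLOWED_ELEMS, true );
        if ( ! $allowedElem ) {
            $el->parentNode->removeChild( $el ); // e.g. <script>, <foreignObject>, <a>
            continue;
        }
        // Strip every attribute not on the allowlist (covers on* handlers, href, style).
        foreach ( iterator_to_array( $el->attributes ) as $attr ) {
            if ( ! in_array( $attr->nodeName, EXAMPLE_SVG_ALLOWED_ATTRS, true ) ) {
                $el->removeAttributeNode( $attr );
            }
        }
    }
    return $doc->saveXML();
}

/**
 * Prefilter callback shared by both upload paths. $file is the $_FILES-style
 * array WordPress passes to '{action}_prefilter'; setting a non-numeric
 * 'error' string makes _wp_handle_upload() reject the file.
 */
function example_svg_prefilter( array $file ): array {
    $ext  = strtolower( pathinfo( $file['name'] ?? '', PATHINFO_EXTENSION ) );
    $type = $file['type'] ?? '';
    if ( $ext !== 'svg' && $type !== 'image/svg+xml' ) {
        return $file; // Not an SVG; leave other uploads untouched.
    }
    $contents = is_readable( $file['tmp_name'] ?? '' ) ? file_get_contents( $file['tmp_name'] ) : false;
    $clean    = ( $contents === false ) ? null : example_sanitize_svg_string( $contents );
    if ( $clean === null ) {
        $file['error'] = 'SVG upload rejected: the file could not be sanitised.'; // fail closed
        return $file;
    }
    file_put_contents( $file['tmp_name'], $clean );
    $file['size'] = strlen( $clean );
    return $file;
}

// The actual fix: the same check must be registered on BOTH prefilters.
add_filter( 'wp_handle_upload_prefilter',   'example_svg_prefilter' );
add_filter( 'wp_handle_sideload_prefilter', 'example_svg_prefilter' );
```

The two add_filter() calls at the end are the point: with only the first one present this code would have exactly the gap described in the advisory. Because the callback rewrites the temporary file before WordPress moves it into the uploads directory, the same sanitised content is what ends up in the media library regardless of which path delivered it.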

Related Identifiers: CVE-2024-8378
Affected Products: Safe-Svg