Easy SVG Support Security & Risk Analysis

wordpress.org/plugins/easy-svg

This Plugin allows you to upload SVG Files into your Media library.

40K active installs · v4.1 · PHP 8.0+ · WP 6.0+ · Updated Nov 14, 2025
Tags: easy-svg, svg, svg-media, svg-support, upload-svg
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Feb 18, 2026
Safety Verdict

Is Easy SVG Support Safe to Use in 2026?

Generally Safe

Score 96/100

Easy SVG Support has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Feb 18, 2026 · Updated 4mo ago
Risk Assessment

The Easy SVG plugin v4.1 exhibits a mixed security profile. On one hand, the static analysis reveals commendable security practices within the current codebase. There are no detected dangerous functions, all SQL queries use prepared statements, and all output is properly escaped. The plugin also includes nonce and capability checks, indicating an effort to secure its functionalities. However, the presence of three previously disclosed medium-severity vulnerabilities, particularly Cross-Site Scripting, raises a significant concern regarding the plugin's historical security and potential for recurring issues. While these vulnerabilities are reported as patched, the pattern suggests that the plugin may have had past weaknesses that could be reintroduced or that a thorough review of past vulnerabilities is necessary to ensure robust long-term security. The static analysis did not identify any critical or high-severity taint flows, which is positive, but the history of XSS vulnerabilities warrants caution.

Key Concerns

  • History of medium severity vulnerabilities (3)
  • History of Cross-Site Scripting vulnerabilities
Vulnerabilities: 3

Easy SVG Support Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2024: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-12451 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy SVG Support <= 4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Feb 18, 2026 · Patched in 4.1 (1d)

CVE-2024-10269 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy SVG Support <= 3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Nov 7, 2024 · Patched in 3.8 (1d)

CVE-2022-1964 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy SVG Support <= 3.2.0 - Cross-Site Scripting via SVG Upload

Jun 1, 2022 · Patched in 3.3.0 (601d)
Code Analysis
Analyzed Mar 16, 2026

Easy SVG Support Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (1 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 3
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped (1 total output)
Attack Surface

Easy SVG Support Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6
  • filter wp_handle_upload_prefilter (easy-svg.php:163)
  • filter upload_mimes (easy-svg.php:176)
  • filter wp_check_filetype_and_ext (easy-svg.php:209)
  • action wp_AJAX_svg_get_attachment_url (easy-svg.php:267)
  • filter wp_prepare_attachment_for_js (easy-svg.php:313)
  • action admin_head (easy-svg.php:334)
Maintenance & Trust

Easy SVG Support Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 14, 2025
PHP min version: 8.0
Downloads: 348K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 40K
Developer Profile

Easy SVG Support Developer Profile

Benjamin Zekavica

3 plugins · 41K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 201 days
Detection Fingerprints

How We Detect Easy SVG Support

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths:
  • /wp-content/plugins/easy-svg/admin/css/admin.css
  • /wp-content/plugins/easy-svg/admin/js/admin.js
Script Paths:
  • /wp-content/plugins/easy-svg/admin/js/admin.js
Version Parameters:
  • easy-svg/admin/css/admin.css?ver=
  • easy-svg/admin/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes:
  • esw-svg-uploader
HTML Comments:
  • <!-- The main SVG uploader. -->
  • <!-- SVG files are not allowed in this directory for security reasons. -->
Data Attributes:
  • data-esw-svg-uploader
JS Globals:
  • easy_svg_admin_params
REST Endpoints:
  • /wp-json/easy-svg/v1/upload