Does Easy SVG Upload have any unpatched vulnerabilities?

No. All known vulnerabilities in Easy SVG Upload have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Easy SVG Upload compatible with WordPress 6.8.5?

According to WordPress.org data, Easy SVG Upload 1.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Easy SVG Upload compatible with PHP 8.0+?

Easy SVG Upload requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Easy SVG Upload updated?

Easy SVG Upload was last updated on Oct 6, 2025. Frequent updates are generally a positive security signal.

What is Easy SVG Upload's security score?

Easy SVG Upload has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Easy SVG Upload Security & Risk Analysis

wordpress.org/plugins/easy-svg-upload

The easiest way to upload svg image file in your WordPress Site.

10 active installs v1.2 PHP 8.0+ WP 6.0+ Updated Oct 6, 2025

easy-svg-uploadfile-typemime-typesvgsvg-upload

A · Safe

CVEs total1

Unpatched0

Last CVEOct 30, 2024

Plugin page Download

Safety Verdict

Is Easy SVG Upload Safe to Use in 2026?

Generally Safe

Score 99/100

Easy SVG Upload has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 30, 2024Updated 5mo ago

Risk Assessment

The "easy-svg-upload" v1.2 plugin exhibits a mixed security posture. While the static analysis indicates a small attack surface with no directly identifiable unprotected entry points, this is somewhat undermined by a concerning percentage of improperly escaped output and a lack of nonce checks. The absence of any taint analysis findings is a positive sign, suggesting no obvious critical vulnerabilities were detected by that method. However, the plugin's vulnerability history is a significant concern. A known medium-severity CVE related to Cross-site Scripting (XSS) was recently discovered and patched. The recurrence of such vulnerabilities, even if patched, points to potential ongoing weaknesses in input sanitization and output escaping that attackers could exploit. The presence of file operations without further context also warrants caution, as these can be risky if not handled with extreme care. Overall, while the plugin has taken steps to secure its entry points and use prepared statements for SQL, the history of XSS vulnerabilities and the observed output escaping issues suggest a need for continued vigilance and thorough auditing of its handling of user-provided data.

Key Concerns

Medium severity CVE history
Low output escaping percentage
No nonce checks
File operations present

Vulnerabilities

Easy SVG Upload Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-9708medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy SVG Upload <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Oct 30, 2024 Patched in 1.2 (345d)

Code Analysis

Analyzed Mar 16, 2026

Easy SVG Upload Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

43% escaped7 total outputs

Attack Surface

Easy SVG Upload Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 11

actionplugins_loadedeasy-svg-upload.php:30

actionplugins_loadedeasy-svg-upload.php:70

actionadmin_initeasy-svg-upload.php:92

actionadmin_initeasy-svg-upload.php:131

filterupload_mimeseasy-svg-upload.php:170

filterwp_check_filetype_and_exteasy-svg-upload.php:184

filterwp_handle_upload_prefiltereasy-svg-upload.php:217

filterwp_handle_uploadeasy-svg-upload.php:240

actionadmin_menueasy-svg-upload.php:316

actionadmin_noticeseasy-svg-upload.php:408

actionactivated_plugineasy-svg-upload.php:450

Maintenance & Trust

Easy SVG Upload Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 6, 2025

PHP min version8.0

Downloads500

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Easy SVG Upload Alternatives

SVG Support

svg-support

Securely upload SVG files to your media library, with built-in sanitization and advanced features for styling and animation.

1.0M 6 CVEs

WP SVG Images

wp-svg-images

Add SVG support to your WP website. Securely upload SVG files, automatic sanitization, Media Library preview.

30K 2 CVEs

Mime Types Plus

mime-types-plus

100

Add the mime type that can be used in the media library to each file type.

10K No CVEs

Upload SVG

upload-svg

100

Safely enable SVG uploads with sanitization and prevent XML/SVG vulnerabilities on your WordPress website. Preview SVG files in your Media Library.

1K No CVEs

Custom Mime Types

custom-mime-types

100

Easily manage and customize allowed file types on your WordPress site. Add or remove mime types, set file size limits, and control who can upload what …

30 No CVEs

Developer Profile

Easy SVG Upload Developer Profile

Delower Hossain

5 plugins · 1K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

345 days

View full developer profile

Detection Fingerprints

How We Detect Easy SVG Upload

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/easy-svg-upload/lib/svg-sanitize/src/svg-sanitize.php

HTML / DOM Fingerprints

Data Attributes

esup_enable_easy_svg_uploadesup_allow_authorsesup_max_svg_kb

FAQ