[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$foNr41CDvJZLCdEpq1Nsq95MMliPK-ExZ-mVZk5FKL94":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":108,"crawl_stats":38,"alternatives":114,"analysis":210,"fingerprints":391},"safe-svg","Safe SVG","2.4.0","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Safe SVG is the best way to Allow SVG Uploads in WordPress!\u003C\u002Fp>\n\u003Cp>It gives you the ability to allow SVG uploads whilst making sure that they’re sanitized to stop SVG\u002FXML vulnerabilities affecting your site.  It also gives you the ability to preview your uploaded SVGs in the media library in all views.\u003C\u002Fp>\n\u003Ch4>Current Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sanitised SVGs\u003C\u002Fstrong> – Don’t open up security holes in your WordPress site by allowing uploads of unsanitised files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SVGO Optimisation\u003C\u002Fstrong> – Runs your SVGs through the SVGO tool on upload to save you space. 
This feature is disabled by default but can be enabled by adding the following code: \u003Ccode>add_filter( 'safe_svg_optimizer_enabled', '__return_true' );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View SVGs in the Media Library\u003C\u002Fstrong> – Gone are the days of guessing which SVG is the correct one, we’ll enable SVG previews in the WordPress media library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose Who Can Upload\u003C\u002Fstrong> – Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Initially a proof of concept for \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F24251\" rel=\"nofollow ugc\">#24251\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>SVG Sanitization is done through the following library: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>SVG Optimization is done through the following library: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsvg\u002Fsvgo\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fsvg\u002Fsvgo\u003C\u002Fa>.\u003C\u002Fp>\n","Enable SVG uploads and sanitize them to stop XML\u002FSVG vulnerabilities in your WordPress website.",1000000,12729263,98,77,"2026-01-04T21:05:00.000Z","6.9.4","6.6","7.4",[20,21,22,23,24],"media","mime","security","svg","vector","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsafe-svg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-svg.2.4.0.zip",94,6,0,"2024-10-17 
00:00:00","2026-03-15T15:16:48.613Z",[33,49,64,77,88,102],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2024-8378","safe-svg-authenticated-author-stored-cross-site-scripting-via-svg","Safe SVG \u003C= 2.2.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG","The Safe SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",null,"\u003C=2.2.5","2.2.6","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-12-12 17:56:17",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff5d42dc6-047f-45ff-9a7a-5a7738f7dcb5?source=api-prod",57,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":56,"cvss_score":57,"cvss_vector":58,"vuln_type":44,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2023-28426","svg-sanitizer-library-cross-site-scripting-bypass","SVG Sanitizer library \u003C= 0.15.4 - Cross-Site Scripting Bypass","The SVG Sanitizer library is vulnerable to XSS Bypass in versions up to, and including, 0.15.4. 
This may allow an attacker to successfully upload an SVG with persistent Cross-Site Scripting payloads in cases where a plugin is using this library to safely process SVG files.","\u003C=2.0.3","2.1.0","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2023-03-23 00:00:00","2024-01-22 19:56:02",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fca73de6d-2d47-4d7c-a917-0f99fed8c27d?source=api-prod",306,{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":69,"patched_in_version":70,"severity":56,"cvss_score":71,"cvss_vector":72,"vuln_type":44,"published_date":73,"updated_date":60,"references":74,"days_to_patch":76},"CVE-2022-1091","safe-svg-content-type-bypass","Safe SVG \u003C= 1.9.9 - Content-Type Bypass","The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. 
Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending on further use of uploaded SVG files potentially other XML attacks).","\u003C1.9.10","1.9.10",7.7,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:N\u002FI:H\u002FA:N","2022-03-25 00:00:00",[75],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffbf25275-eb33-4581-8602-e8a64ba78692?source=api-prod",669,{"id":78,"url_slug":79,"title":80,"description":81,"plugin_slug":4,"theme_slug":38,"affected_versions":82,"patched_in_version":83,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":84,"updated_date":60,"references":85,"days_to_patch":87},"WF-1a0fcd50-e9d6-49a5-979f-61f953b1a1cd-safe-svg","safe-svg-cross-site-scripting","Safe SVG \u003C= 1.9.5 - Cross-Site Scripting","The Safe SVG plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. 
This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.","\u003C=1.9.5","1.9.6","2019-11-08 00:00:00",[86],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1a0fcd50-e9d6-49a5-979f-61f953b1a1cd?source=api-prod",1537,{"id":89,"url_slug":90,"title":91,"description":92,"plugin_slug":4,"theme_slug":38,"affected_versions":93,"patched_in_version":94,"severity":41,"cvss_score":95,"cvss_vector":96,"vuln_type":97,"published_date":98,"updated_date":60,"references":99,"days_to_patch":101},"CVE-2019-18855","safe-svg-denial-of-service","Safe SVG \u003C= 1.9.4 - Denial of Service","A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.","\u003C=1.9.4","1.9.5",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:H","Uncontrolled Resource Consumption","2019-11-05 00:00:00",[100],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F01eef49c-79c1-40a0-9b4b-05a699d47a41?source=api-prod",1540,{"id":103,"url_slug":104,"title":91,"description":105,"plugin_slug":4,"theme_slug":38,"affected_versions":93,"patched_in_version":94,"severity":41,"cvss_score":95,"cvss_vector":96,"vuln_type":97,"published_date":98,"updated_date":60,"references":106,"days_to_patch":101},"CVE-2019-18854","safe-svg-denial-of-service-2","A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '\u003Cuse ... 
xlink:href=\"#identifier\">' substring.",[107],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb4f4fcaa-4c66-49f6-b13f-da112ae26e21?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":109,"total_installs":110,"avg_security_score":13,"avg_patch_time_days":111,"trust_score":112,"computed_at":113},23,1384530,546,78,"2026-04-03T23:06:01.391Z",[115,134,155,174,190],{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":123,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":129,"tags":130,"homepage":132,"download_link":133,"security_score":123,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"svg-editor","SVG Editor: Upload & Change Colors","1.1","Digages","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigages\u002F","\u003Cp>SVG Editor adds native support for uploading and editing SVG (Scalable Vector Graphics) directly within your WordPress Media Library. 
Easily change the colors of your favorite icons, images, and vector assets without needing any external design software.\u003C\u002Fp>\n\u003Cp>Whether you’re a web designer, developer, or content creator, SVG Editor is here to simplify your workflow and save you time.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enable SVG Uploads\u003C\u002Fstrong>: Allows you to safely upload SVG files to your WordPress site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View SVGs in Media Library\u003C\u002Fstrong>: Preview your SVG files directly within the WordPress Media Library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Native WordPress Integration\u003C\u002Fstrong>: Works seamlessly within the WordPress Media Library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Color Editing\u003C\u002Fstrong>: Change SVG colors with our intuitive interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sanitized SVGs\u003C\u002Fstrong>: Automatically cleans SVG code to prevent security risks and ensure safe usage.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Preserves SVG Integrity\u003C\u002Fstrong>: Maintains the scalability and quality of your vector graphics.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile Responsive\u003C\u002Fstrong>: Easily edit SVG on the go.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>About Digages:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SVG Editor is a free and open-source plugin developed and maintained by \u003Ca href=\"https:\u002F\u002Fdigages.com\u002F\" rel=\"nofollow ugc\">Digages\u003C\u002Fa>. 
We’re committed to creating tools that make WordPress more powerful and easier to use.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdigages.com\u002Fdonate\u002F\" rel=\"nofollow ugc\">Donate Now\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdigages.com\u002F\" rel=\"nofollow ugc\">Visit Website\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Other Plugins by Digages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdirect-payments-for-woocommerce\u002F\" rel=\"ugc\">Direct Payment for Woocommerce\u003C\u002Fa>: Direct Payments for WooCommerce makes it easy for WooCommerce store owners to accept payments directly through local and global methods with 0.0% transaction fees. Enable direct payments from your customers via bank transfers, mobile money, crypto and peer-to-peer platforms like Zelle, Venmo, Cash App, etc.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdirect-payments-wp\u002F\" rel=\"ugc\">Direct Payment WP\u003C\u002Fa>: Direct Payments WP is the ultimate plugin for WordPress users who want a simple and flexible way to accept payments. Whether you’re a freelancer, a small business owner, or running a membership site, Direct Payments WP empowers you to accept payments directly using customizable forms, invoices and pages.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External API Notice\u003C\u002Fh3>\n\u003Cp>This plugin optionally connects to an external API to fetch additional plugin listings. 
The core functionality of the plugin is fully independent and remains unaffected if the API is not used.\u003C\u002Fp>\n\u003Cp>We value user privacy and ensure that no personal or sensitive data is sent to the external API.\u003C\u002Fp>\n","SVG Editor lets you upload SVG files and change their colors directly within the WordPress Media Library.",100,1048,3,"2025-07-07T14:30:00.000Z","6.8.5","5.0","7.0",[131,20,21,23,24],"editor","https:\u002F\u002Fdigages.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsvg-editor.1.1.zip",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":11,"downloaded":142,"rating":143,"num_ratings":144,"last_updated":145,"tested_up_to":146,"requires_at_least":147,"requires_php":18,"tags":148,"homepage":151,"download_link":152,"security_score":153,"vuln_count":28,"unpatched_count":29,"last_vuln_date":154,"fetched_at":31},"svg-support","SVG Support","2.5.14","Benbodhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenbodhi\u002F","\u003Cp>\u003Cstrong>The complete SVG solution for WordPress – secure, flexible, and easy to use.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SVG Support enables secure SVG uploads with powerful features for both basic users and developers:\u003C\u002Fp>\n\u003Cp>✨ \u003Cstrong>Key Features\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Secure SVG uploads with automatic sanitization\u003Cbr \u002F>\n– Inline rendering for direct CSS\u002FJS manipulation\u003Cbr \u002F>\n– File size optimization through minification\u003Cbr \u002F>\n– Role-based access control\u003Cbr \u002F>\n– Advanced developer options\u003Cbr \u002F>\n– Multisite compatible\u003Cbr \u002F>\n– Full Block Editor (Gutenberg) compatibility\u003C\u002Fp>\n\u003Cp>🔒 \u003Cstrong>Security First\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Built-in sanitization removes potentially harmful code\u003Cbr \u002F>\n– Role-based upload restrictions\u003Cbr \u002F>\n– 
Comprehensive MIME type validation\u003C\u002Fp>\n\u003Cp>🎨 \u003Cstrong>Designer Friendly\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Direct styling of SVG elements\u003Cbr \u002F>\n– Animation support\u003Cbr \u002F>\n– Custom class targeting\u003Cbr \u002F>\n– Automatic dimension handling\u003C\u002Fp>\n\u003Cp>💻 \u003Cstrong>Developer Ready\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Advanced mode for additional features\u003Cbr \u002F>\n– REST API support\u003Cbr \u002F>\n– Gutenberg compatible\u003Cbr \u002F>\n– Extensive hooks and filters\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Basic Usage\u003C\u002Fstrong>:\u003Cbr \u002F>\n– First, install and activate SVG Support via your WordPress dashboard\u003Cbr \u002F>\n– Upload SVG files to your media library like any other image\u003Cbr \u002F>\n– Works seamlessly with Image blocks, Cover blocks and featured images\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Usage\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Enable “Advanced Mode” for minification and inline rendering\u003Cbr \u002F>\n– Customize with hooks and filters for tailored functionality\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block Editor Usage\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Use Advanced Mode to enable inline rendering:\u003Cbr \u002F>\n  – Add the \u003Ccode>\"style-svg\"\u003C\u002Fcode> class to Image blocks\u003Cbr \u002F>\n  – Add the \u003Ccode>\"style-svg\"\u003C\u002Fcode> class to Cover blocks to render SVG backgrounds inline\u003Cbr \u002F>\n– Use “Skip Nested SVGs” setting to control inline rendering of SVGs within Cover blocks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Classic Editor Usage\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Use Advanced Mode to add the \u003Ccode>\"style-svg\"\u003C\u002Fcode> class to \u003Ccode>\u003Cimg>\u003C\u002Fcode> tags for inline rendering\u003Cbr \u002F>\n– Enable “Auto Insert Class” option for automatic class insertion in Classic Editor\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Common Issues & 
Solutions\u003C\u002Fstrong>:\u003Cbr \u002F>\n– SVG not displaying? Ensure dimensions are set in CSS.\u003Cbr \u002F>\n– Need help? Use the support tab and I will do my best to assist you.\u003C\u002Fp>\n\u003Ch3>Spin up a test site\u003C\u002Fh3>\n\u003Cp>With a single click, you can spin up a completely free test site to test SVG Support using TasteWP! No sign up, no cards, nothing! How cool is that? Give it a go:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Ftastewp.com\u002Fnew?pre-installed-plugin-slug=svg-support&redirect=options-general.php%3Fpage%3Dsvg-support&ni=true\" rel=\"nofollow ugc\">Click Here to spin up a test site in seconds\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>SVG Support prioritizes security with automatic sanitization and role-based restrictions. Only trusted users should have upload permissions. Configure settings to balance functionality and security.\u003C\u002Fp>\n\u003Ch3>Feedback\u003C\u002Fh3>\n\u003Cp>I’m open to your \u003Ca href=\"mailto:wp@benbodhi.com\" rel=\"nofollow ugc\">suggestions and feedback\u003C\u002Fa> – Thanks for using SVG Support!\u003C\u002Fp>\n\u003Cp>Follow \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fsvgsupport\" rel=\"nofollow ugc\">@SVGSupport\u003C\u002Fa> on Twitter\u003Cbr \u002F>\nFollow \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fbenbodhi\" rel=\"nofollow ugc\">@benbodhi\u003C\u002Fa> on Twitter\u003Cbr \u002F>\nFollow \u003Ca href=\"https:\u002F\u002Fwarpcast.com\u002Fbenbodhi\" rel=\"nofollow ugc\">@benbodhi\u003C\u002Fa> on Warpcast\u003C\u002Fp>\n\u003Cp>\u003Cem>Note:\u003C\u002Fem> I hope you like this plugin! Please take a moment to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fsvg-support?filter=5#postform\" rel=\"ugc\">rate it\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Development & Contributing\u003C\u002Fh3>\n\u003Cp>The development version of SVG Support is maintained on GitHub. 
Feel free to contribute:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Submit bug reports or feature suggestions: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbodhi\u002Fsvg-support\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Contribute code via \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbodhi\u002Fsvg-support\u002Fpulls\" rel=\"nofollow ugc\">Pull Requests\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Development repository: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbodhi\u002Fsvg-support\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Contribute translations \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsvg-support\" rel=\"nofollow ugc\">here\u003C\u002Fa>. New to translating? Check the \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fpolyglots\u002Fhandbook\u002Ftools\u002Fglotpress-translate-wordpress-org\u002F\" rel=\"nofollow ugc\">Translator Handbook\u003C\u002Fa>.\u003C\u002Fp>\n","Securely upload SVG files to your media library, with built-in sanitization and advanced features for styling and animation.",12632236,96,354,"2025-02-25T08:34:00.000Z","6.7.5","5.8",[149,4,150,23,24],"mime-type","sanitization","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsvg-support\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsvg-support.2.5.14.zip",89,"2025-02-24 00:00:00",{"slug":156,"name":157,"version":158,"author":159,"author_profile":160,"description":161,"short_description":162,"active_installs":163,"downloaded":164,"rating":123,"num_ratings":165,"last_updated":166,"tested_up_to":127,"requires_at_least":167,"requires_php":18,"tags":168,"homepage":172,"download_link":173,"security_score":123,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"blob-mimes","Lord of the Files: Enhanced Upload 
Security","1.4.2","Blobfolio","https:\u002F\u002Fprofiles.wordpress.org\u002Fblobfolio\u002F","\u003Cp>WordPress relies mostly on name-based validation when deciding whether or not to allow a particular file, leaving the door open for various kinds of attacks.\u003C\u002Fp>\n\u003Cp>Lord of the Files adds to this content-based validation and sanitizing, making sure that files are what they say they are and safe for inclusion on your site.\u003C\u002Fp>\n\u003Cp>The main features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Robust \u003Cem>real\u003C\u002Fem> filetype detection;\u003C\u002Fli>\n\u003Cli>Full MIME alias mapping;\u003C\u002Fli>\n\u003Cli>SVG sanitization (if SVG uploads have been independently allowed);\u003C\u002Fli>\n\u003Cli>File upload validation debugger;\u003C\u002Fli>\n\u003Cli>Fixes issues related to \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F40175\" rel=\"nofollow ugc\">#40175\u003C\u002Fa> that have been present since WordPress \u003Ccode>4.7.1\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Fixes ambiguous media extensions \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F40921\" rel=\"nofollow ugc\">#40921\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 5.2 or later.\u003C\u002Fli>\n\u003Cli>PHP 7.4 or later.\u003C\u002Fli>\n\u003Cli>\u003Ccode>dom\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003Cli>\u003Ccode>fileinfo\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003Cli>\u003Ccode>mbstring\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003Cli>\u003Ccode>xml\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please note: it is \u003Cstrong>not safe\u003C\u002Fstrong> to run WordPress atop a version of PHP that has reached its \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fsupported-versions.php\" rel=\"nofollow ugc\">End of Life\u003C\u002Fa>. 
Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. 🙂\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin does not make use of or collect any “Personal Data”.\u003C\u002Fp>\n","This plugin expands file-related security and sanity around the upload process.",1000,95238,11,"2025-09-17T03:38:00.000Z","5.2",[169,21,170,23,171],"file-validation","security-plugin","upload-security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblob-mimes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblob-mimes.1.4.2.zip",{"slug":175,"name":176,"version":177,"author":178,"author_profile":179,"description":180,"short_description":181,"active_installs":182,"downloaded":183,"rating":123,"num_ratings":184,"last_updated":185,"tested_up_to":127,"requires_at_least":128,"requires_php":129,"tags":186,"homepage":188,"download_link":189,"security_score":123,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"svg-safe-uploads","SVG Safe Uploads","1.2","Muhammad Umer Shahzad","https:\u002F\u002Fprofiles.wordpress.org\u002Fumii020\u002F","\u003Cp>A lightweight WordPress plugin to safely upload and sanitize SVG files with admin controls. 
Enables secure SVG uploads in WordPress with sanitization and admin controls.\u003C\u002Fp>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n\u003Cp>Markdown is what the parser uses to process much of the readme file.\u003C\u002Fp>\n\u003Cp>Ordered list:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install plugin\u003C\u002Fli>\n\u003Cli>Configure settings\u003C\u002Fli>\n\u003Cli>Upload SVG files\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Unordered list:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Secure upload of SVG files\u003C\u002Fli>\n\u003Cli>Sanitization for better security\u003C\u002Fli>\n\u003Cli>Admin control settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links require brackets and parentheses:\u003C\u002Fp>\n\u003Cp>Here’s a link to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002F\" title=\"Your favorite software\" rel=\"ugc\">WordPress\u003C\u002Fa> and one to \u003Ca href=\"https:\u002F\u002Fdaringfireball.net\u002Fprojects\u002Fmarkdown\u002Fsyntax\" rel=\"nofollow ugc\">Markdown’s Syntax Documentation\u003C\u002Fa>. Link titles are optional, naturally.\u003C\u002Fp>\n\u003Cp>Blockquotes are email style:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Asterisks for \u003Cem>emphasis\u003C\u002Fem>. 
Double it up for \u003Cstrong>strong\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>And Backticks for code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php code(); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Securely upload SVG files in WordPress with built-in sanitization and admin settings.",20,491,1,"2025-06-18T16:43:00.000Z",[20,22,23,187],"uploads","https:\u002F\u002Fgithub.com\u002FUmii010\u002Fsvg-safe-uploads","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsvg-safe-uploads.zip",{"slug":191,"name":192,"version":193,"author":194,"author_profile":195,"description":196,"short_description":197,"active_installs":198,"downloaded":199,"rating":29,"num_ratings":29,"last_updated":200,"tested_up_to":16,"requires_at_least":128,"requires_php":18,"tags":201,"homepage":204,"download_link":205,"security_score":206,"vuln_count":207,"unpatched_count":29,"last_vuln_date":208,"fetched_at":209},"support-svg","Support SVG – Upload svg files in wordpress without hassle","1.1.3","Sayedul Sayem","https:\u002F\u002Fprofiles.wordpress.org\u002Fsayedulsayem\u002F","\u003Cp>The SVG Support plugin enables SVG (Scalable Vector Graphics) support in WordPress. This lightweight plugin allows you to upload and use SVG files in your WordPress media library without any restrictions.\u003C\u002Fp>\n\u003Cp>This plugin is designed to be minimalistic and focuses solely on enabling SVG support. 
It does not enqueue any additional scripts or stylesheets in the frontend, ensuring it won’t affect the loading speed of your website.\u003C\u002Fp>\n\u003Cp>See plugin’s GitHub repo \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsayedulsayem\u002Fsupport-svg\" rel=\"nofollow ugc\">Support SVG\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Enables SVG uploads in WordPress media library\u003C\u002Fli>\n\u003Cli>Supports SVG thumbnail display in the Media Library\u003C\u002Fli>\n\u003Cli>Applies necessary security measures to sanitize SVG uploads\u003C\u002Fli>\n\u003Cli>Lightweight and does not enqueue any frontend scripts or stylesheets\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>PRIVACY POLICY\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This plugin does not collect, log, sell or trade any kind of information about your website. You can easily verify that this plugin is not phoning home using a network traffic inspector like \u003Ca href=\"https:\u002F\u002Fwww.wireshark.org\u002F\" rel=\"nofollow ugc\">WireShark\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>ABOUT THE MAKER\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>I am \u003Ca href=\"https:\u002F\u002Fsayedulsayem.com\u002F\" rel=\"nofollow ugc\">Sayedul Sayem\u003C\u002Fa>, a Bangladeshi full-stack WordPress developer and free and open source enthusiast. You can contact me at my \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fsayedulsayem\u002F\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa> for consultation or just to say hello. I love talking to new people. So don’t hesitate.\u003C\u002Fp>\n","This plugin will help you to upload svg format image in WordPress media library regardless of the theme. 
That is, it works with every theme.",10,2718,"",[202,22,23,203,24],"sanitize","upload","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsupport-svg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsupport-svg.1.1.3.zip",99,2,"2024-11-25 20:18:41","2026-03-15T10:48:56.248Z",{"attackSurface":211,"codeSignals":325,"taintFlows":334,"riskAssessment":377,"analyzedAt":390},{"hooks":212,"ajaxHandlers":315,"restRoutes":322,"shortcodes":323,"cronEvents":324,"entryPointCount":184,"unprotectedCount":29},[213,218,223,227,232,235,240,242,246,249,252,255,258,261,265,268,272,276,280,283,287,291,295,299,303,308,310,312],{"type":214,"name":215,"callback":216,"priority":198,"file":217,"line":182},"filter","block_categories_all","anonymous","includes\\blocks.php",{"type":219,"name":220,"callback":220,"file":221,"line":222},"action","init","includes\\optimizer.php",30,{"type":219,"name":224,"callback":225,"file":221,"line":226},"admin_enqueue_scripts","enqueues",43,{"type":219,"name":228,"callback":229,"file":230,"line":231},"admin_init","settings_init","includes\\safe-svg-settings.php",19,{"type":214,"name":233,"callback":234,"priority":198,"file":230,"line":182},"pre_update_option_safe_svg_upload_roles","update_capability",{"type":219,"name":236,"callback":237,"file":238,"line":239},"admin_notices","closure","safe-svg.php",55,{"type":219,"name":236,"callback":237,"file":238,"line":241},79,{"type":219,"name":243,"callback":244,"file":238,"line":245},"load-upload.php","allow_svg_from_upload",132,{"type":219,"name":247,"callback":244,"file":238,"line":248},"load-post-new.php",133,{"type":219,"name":250,"callback":244,"file":238,"line":251},"load-post.php",134,{"type":219,"name":253,"callback":244,"file":238,"line":254},"load-site-editor.php",135,{"type":219,"name":256,"callback":237,"file":238,"line":257},"media_upload_tabs",140,{"type":219,"name":220,"callback":259,"file":238,"line":260},"setup_blocks",150,{"type":214,"name":262,"callback":263,"file":238,"line":264},
"wp_handle_sideload_prefilter","check_for_svg",151,{"type":214,"name":266,"callback":263,"file":238,"line":267},"wp_handle_upload_prefilter",152,{"type":214,"name":269,"callback":270,"priority":198,"file":238,"line":271},"wp_prepare_attachment_for_js","fix_admin_preview",153,{"type":214,"name":273,"callback":274,"priority":198,"file":238,"line":275},"wp_get_attachment_image_src","one_pixel_fix",154,{"type":214,"name":277,"callback":278,"priority":198,"file":238,"line":279},"admin_post_thumbnail_html","featured_image_fix",155,{"type":219,"name":224,"callback":281,"file":238,"line":282},"load_custom_admin_style",156,{"type":219,"name":284,"callback":285,"priority":198,"file":238,"line":286},"get_image_tag","get_image_tag_override",157,{"type":214,"name":288,"callback":289,"priority":198,"file":238,"line":290},"wp_generate_attachment_metadata","skip_svg_regeneration",158,{"type":214,"name":292,"callback":293,"priority":198,"file":238,"line":294},"wp_get_attachment_metadata","metadata_error_fix",159,{"type":214,"name":296,"callback":297,"priority":198,"file":238,"line":298},"wp_calculate_image_srcset_meta","disable_srcset",160,{"type":214,"name":300,"callback":301,"file":238,"line":302},"upload_mimes","allow_svg",171,{"type":214,"name":304,"callback":305,"priority":306,"file":238,"line":307},"wp_check_filetype_and_ext","fix_mime_type_svg",75,172,{"type":214,"name":300,"callback":301,"file":238,"line":309},274,{"type":214,"name":304,"callback":305,"priority":306,"file":238,"line":311},275,{"type":214,"name":313,"callback":313,"file":238,"line":314},"pre_move_uploaded_file",282,[316],{"action":317,"nopriv":318,"callback":319,"hasNonce":320,"hasCapCheck":320,"file":221,"line":321},"safe_svg_optimize",false,"optimize",true,44,[],[],[],{"dangerousFunctions":326,"sqlUsage":327,"outputEscaping":329,"fileOperations":332,"externalRequests":29,"nonceChecks":184,"capabilityChecks":125,"bundledLibraries":333},[],{"prepared":29,"raw":29,"locations":328},[],{"escaped":330,"rawEcho":2
9,"locations":331},37,[],4,[],[335,364],{"entryPoint":336,"graph":337,"unsanitizedCount":184,"severity":41},"optimize (includes\\optimizer.php:153)",{"nodes":338,"edges":360},[339,344,350,353,357],{"id":340,"type":341,"label":342,"file":221,"line":343},"n0","source","$_GET",173,{"id":345,"type":346,"label":347,"file":221,"line":348,"wp_function":349},"n1","sink","file_put_contents() [File Write]",182,"file_put_contents",{"id":351,"type":341,"label":342,"file":221,"line":352},"n2",176,{"id":354,"type":355,"label":356,"file":221,"line":352},"n3","transform","→ sanitize()",{"id":358,"type":346,"label":347,"file":238,"line":359,"wp_function":349},"n4",367,[361,362,363],{"from":340,"to":345,"sanitized":320},{"from":351,"to":354,"sanitized":318},{"from":354,"to":358,"sanitized":318},{"entryPoint":365,"graph":366,"unsanitizedCount":184,"severity":41},"\u003Coptimizer> (includes\\optimizer.php:0)",{"nodes":367,"edges":373},[368,369,370,371,372],{"id":340,"type":341,"label":342,"file":221,"line":343},{"id":345,"type":346,"label":347,"file":221,"line":348,"wp_function":349},{"id":351,"type":341,"label":342,"file":221,"line":352},{"id":354,"type":355,"label":356,"file":221,"line":352},{"id":358,"type":346,"label":347,"file":238,"line":359,"wp_function":349},[374,375,376],{"from":340,"to":345,"sanitized":320},{"from":351,"to":354,"sanitized":318},{"from":354,"to":358,"sanitized":318},{"summary":378,"deductions":379},"The \"safe-svg\" v2.4.0 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals strong adherence to several security best practices. All identified SQL queries utilize prepared statements, output is consistently escaped, and the plugin implements nonce and capability checks where appropriate. The attack surface, while small with only one AJAX handler, is noted as unprotected in the static analysis, which is a concern. 
Taint analysis did identify flows with unsanitized paths, although no critical or high severity issues were found in this analysis, suggesting potential for input manipulation even if not immediately exploitable in a critical way.\n\nThe plugin's vulnerability history is a significant concern, with a total of 6 known CVEs, including 2 high and 4 medium severity vulnerabilities. The fact that none are currently unpatched is positive, but the recurring nature of past vulnerabilities, particularly Cross-site Scripting and Uncontrolled Resource Consumption, indicates a pattern of past weaknesses that require vigilant monitoring. The most recent vulnerability was identified in October 2024, highlighting that the plugin has had recent security issues.\n\nIn conclusion, while \"safe-svg\" v2.4.0 demonstrates good coding practices in areas like SQL and output handling, the unprotected AJAX entry point and its history of significant vulnerabilities, especially XSS and resource consumption, present notable risks. 
Developers should prioritize addressing any potential input sanitization gaps and maintain a robust patch management process for this plugin.",[380,383,385,387],{"reason":381,"points":382},"Unprotected AJAX entry point",8,{"reason":384,"points":198},"Flows with unsanitized paths",{"reason":386,"points":182},"History of 2 high severity CVEs",{"reason":388,"points":389},"History of 4 medium severity CVEs",16,"2026-03-16T16:59:01.761Z",{"wat":392,"direct":401},{"assetPaths":393,"generatorPatterns":396,"scriptPaths":397,"versionParams":398},[394,395],"\u002Fwp-content\u002Fplugins\u002Fsafe-svg\u002Fbuild\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fsafe-svg\u002Fbuild\u002Fjs\u002Fadmin.js",[],[395],[399,400],"safe-svg\u002Fbuild\u002Fcss\u002Fadmin.css?ver=","safe-svg\u002Fbuild\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":402,"htmlComments":404,"htmlAttributes":405,"restEndpoints":407,"jsGlobals":408,"shortcodeOutput":410},[403],"safe-svg-admin-notice",[],[406],"data-safe-svg-error",[],[409],"wp.media",[]]