[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDjriJs_W4E7su4dYHQd2Oqx6FYFFvqRX7npMaj1yEAI":3,"$ftS6PfbLl_PoyUicsHjCRod2Pv77vriQT0XqmECNnJNk":233,"$fMk8u3TAY0Ctxpx4GOonLn1537cQnn274MMod3NQoohE":238},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":63,"crawl_stats":37,"alternatives":69,"analysis":161,"fingerprints":216},"support-svg","Support SVG – Upload svg files in wordpress without hassle","1.1.3","Sayedul Sayem","https:\u002F\u002Fprofiles.wordpress.org\u002Fsayedulsayem\u002F","\u003Cp>The SVG Support plugin enables SVG (Scalable Vector Graphics) support in WordPress. This lightweight plugin allows you to upload and use SVG files in your WordPress media library without any restrictions.\u003C\u002Fp>\n\u003Cp>This plugin is designed to be minimalistic and focuses solely on enabling SVG support. 
It does not enqueue any additional scripts or stylesheets in the frontend, ensuring it won’t affect the loading speed of your website.\u003C\u002Fp>\n\u003Cp>See plugin’s GitHub repo \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsayedulsayem\u002Fsupport-svg\" rel=\"nofollow ugc\">Support SVG\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Enables SVG uploads in WordPress media library\u003C\u002Fli>\n\u003Cli>Supports SVG thumbnail display in the Media Library\u003C\u002Fli>\n\u003Cli>Applies necessary security measures to sanitize SVG uploads\u003C\u002Fli>\n\u003Cli>Lightweight and does not enqueue any frontend scripts or stylesheets\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>PRIVACY POLICY\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This plugin does not collect, log, sell or trade any kind of information about your website. You can easily verify that this plugin is not phoning home using a network traffic inspector like \u003Ca href=\"https:\u002F\u002Fwww.wireshark.org\u002F\" rel=\"nofollow ugc\">WireShark\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>ABOUT THE MAKER\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>I am \u003Ca href=\"https:\u002F\u002Fsayedulsayem.com\u002F\" rel=\"nofollow ugc\">Sayedul Sayem\u003C\u002Fa>, a Bangladeshi full-stack WordPress developer and free and open source enthusiast. You can contact me at my \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fsayedulsayem\u002F\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa> for consultation or just to say hello. I love talking to new people. So don’t hesitate.\u003C\u002Fp>\n","This plugin will help you to upload svg format image in WordPress media library regardless of the theme. 
That is, it works with every theme.",20,2796,0,"2026-01-20T22:11:00.000Z","6.9.4","5.0","7.4",[19,20,21,22,23],"sanitize","security","svg","upload","vector","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsupport-svg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsupport-svg.1.1.3.zip",99,2,"2024-11-25 20:18:41","2026-04-16T10:56:18.058Z","no_bundle",[32,50],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":28,"updated_date":44,"references":45,"days_to_patch":47,"patch_diff_files":48,"patch_trac_url":37,"research_status":37,"research_verified":49,"research_rounds_completed":13,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":49,"poc_model_used":37,"poc_verification_depth":37},"CVE-2024-11091","support-svg-upload-svg-files-in-wordpress-without-hassle-authenticated-author-stored-cross-site-scripting-via-svg-file-u","Support SVG – Upload svg files in wordpress without hassle \u003C= 1.1.0 -  Authenticated (Author+) Stored Cross-site Scripting via SVG File Upload","The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",null,"\u003C=1.1.0","1.1.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-11-26 08:31:56",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd9207baf-348c-4d3b-a6f0-cbfcd2624f78?source=api-prod",1,[],false,{"id":51,"url_slug":52,"title":53,"description":54,"plugin_slug":4,"theme_slug":37,"affected_versions":55,"patched_in_version":56,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61,"patch_diff_files":62,"patch_trac_url":37,"research_status":37,"research_verified":49,"research_rounds_completed":13,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":49,"poc_model_used":37,"poc_verification_depth":37},"CVE-2024-4272","support-svg-authenticated-author-stored-cross-site-scripting-via-svg","Support SVG \u003C= 1.0.0 - Authenticated (Author+) Stored Cross-site Scripting via SVG","The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","\u003C=1.0.0","1.1.0","2024-06-22 00:00:00","2024-06-27 14:28:05",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe7bb5c89-93db-4454-a16d-b99fc14737f8?source=api-prod",6,[],{"slug":64,"display_name":7,"profile_url":8,"plugin_count":65,"total_installs":66,"avg_security_score":67,"avg_patch_time_days":65,"trust_score":67,"computed_at":68},"sayedulsayem",4,10020,100,"2026-05-20T08:02:47.326Z",[70,88,110,129,143],{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":13,"num_ratings":13,"last_updated":80,"tested_up_to":81,"requires_at_least":16,"requires_php":17,"tags":82,"homepage":86,"download_link":87,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"secure-svg","Secure SVG Upload","1.0.3","Fahim Reza","https:\u002F\u002Fprofiles.wordpress.org\u002Fbadhonrocks\u002F","\u003Cp>\u003Cstrong>Secure SVG Upload\u003C\u002Fstrong> lets you upload SVG files to your WordPress media library. 
With built-in sanitization that removes harmful content while preserving valid SVG markup, this plugin offers comprehensive protection and reliable management for your vector images.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>SVG Upload Support:\u003C\u002Fstrong> Add SVG files directly to your media library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Sanitization:\u003C\u002Fstrong> Each SVG upload is cleaned by default to prevent security risks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Secure SVG does not collect or store any personal data.\u003C\u002Fp>\n","Safely upload SVG files in WordPress with robust SVG support and automatic sanitization.",10,704,"2025-08-06T00:26:00.000Z","6.8.5",[83,20,21,84,85],"sanitize-svg","svg-upload","uploads","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-svg.1.0.3.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":98,"num_ratings":99,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":17,"tags":103,"homepage":106,"download_link":107,"security_score":108,"vuln_count":61,"unpatched_count":13,"last_vuln_date":109,"fetched_at":29},"safe-svg","Safe SVG","2.4.0","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Safe SVG is the best way to Allow SVG Uploads in WordPress!\u003C\u002Fp>\n\u003Cp>It gives you the ability to allow SVG uploads whilst making sure that they’re sanitized to stop SVG\u002FXML vulnerabilities affecting your site.  
It also gives you the ability to preview your uploaded SVGs in the media library in all views.\u003C\u002Fp>\n\u003Ch4>Current Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sanitised SVGs\u003C\u002Fstrong> – Don’t open up security holes in your WordPress site by allowing uploads of unsanitised files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SVGO Optimisation\u003C\u002Fstrong> – Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code: \u003Ccode>add_filter( 'safe_svg_optimizer_enabled', '__return_true' );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View SVGs in the Media Library\u003C\u002Fstrong> – Gone are the days of guessing which SVG is the correct one, we’ll enable SVG previews in the WordPress media library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose Who Can Upload\u003C\u002Fstrong> – Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Initially a proof of concept for \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F24251\" rel=\"nofollow ugc\">#24251\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>SVG Sanitization is done through the following library: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>SVG Optimization is done through the following library: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsvg\u002Fsvgo\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fsvg\u002Fsvgo\u003C\u002Fa>.\u003C\u002Fp>\n","Enable SVG uploads and sanitize them to stop XML\u002FSVG vulnerabilities in your WordPress 
website.",1000000,12850590,98,77,"2026-04-14T13:35:00.000Z","7.0","6.6",[104,105,20,21,23],"media","mime","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsafe-svg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-svg.2.4.0.zip",94,"2024-10-17 00:00:00",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":67,"num_ratings":120,"last_updated":121,"tested_up_to":81,"requires_at_least":122,"requires_php":17,"tags":123,"homepage":127,"download_link":128,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"blob-mimes","Lord of the Files: Enhanced Upload Security","1.4.2","Blobfolio","https:\u002F\u002Fprofiles.wordpress.org\u002Fblobfolio\u002F","\u003Cp>WordPress relies mostly on name-based validation when deciding whether or not to allow a particular file, leaving the door open for various kinds of attacks.\u003C\u002Fp>\n\u003Cp>Lord of the Files adds to this content-based validation and sanitizing, making sure that files are what they say they are and safe for inclusion on your site.\u003C\u002Fp>\n\u003Cp>The main features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Robust \u003Cem>real\u003C\u002Fem> filetype detection;\u003C\u002Fli>\n\u003Cli>Full MIME alias mapping;\u003C\u002Fli>\n\u003Cli>SVG sanitization (if SVG uploads have been independently allowed);\u003C\u002Fli>\n\u003Cli>File upload validation debugger;\u003C\u002Fli>\n\u003Cli>Fixes issues related to \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F40175\" rel=\"nofollow ugc\">#40175\u003C\u002Fa> that have been present since WordPress \u003Ccode>4.7.1\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Fixes ambiguous media extensions \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F40921\" rel=\"nofollow 
ugc\">#40921\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 5.2 or later.\u003C\u002Fli>\n\u003Cli>PHP 7.4 or later.\u003C\u002Fli>\n\u003Cli>\u003Ccode>dom\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003Cli>\u003Ccode>fileinfo\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003Cli>\u003Ccode>mbstring\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003Cli>\u003Ccode>xml\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please note: it is \u003Cstrong>not safe\u003C\u002Fstrong> to run WordPress atop a version of PHP that has reached its \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fsupported-versions.php\" rel=\"nofollow ugc\">End of Life\u003C\u002Fa>. Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. 🙂\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin does not make use of or collect any “Personal Data”.\u003C\u002Fp>\n","This plugin expands file-related security and sanity around the upload process.",1000,95970,11,"2025-09-17T03:38:00.000Z","5.2",[124,105,125,21,126],"file-validation","security-plugin","upload-security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblob-mimes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblob-mimes.1.4.2.zip",{"slug":130,"name":131,"version":73,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":118,"downloaded":136,"rating":67,"num_ratings":27,"last_updated":137,"tested_up_to":15,"requires_at_least":138,"requires_php":139,"tags":140,"homepage":86,"download_link":142,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"upload-svg","Upload 
SVG","html5maps","https:\u002F\u002Fprofiles.wordpress.org\u002Fhtml5maps\u002F","\u003Cp>Upload SVG is a secure and user-friendly WordPress plugin that allows you to safely upload and manage SVG files in your Media Library. SVG files can potentially contain malicious code, but with Upload SVG, you can enable automatic sanitization to prevent XML\u002FSVG vulnerabilities on your website. This plugin ensures your SVG uploads are handled with enhanced security while offering a seamless user experience.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Securely upload SVG files to your Media Library.\u003C\u002Fli>\n\u003Cli>Enable automatic sanitization to protect against XML\u002FSVG vulnerabilities.\u003C\u002Fli>\n\u003Cli>Effortlessly manage and preview SVG files in your Media Library.\u003C\u002Fli>\n\u003Cli>Restrict SVG uploads to trusted user roles for additional security.\u003C\u002Fli>\n\u003Cli>Seamless integration with the latest version of WordPress.\u003C\u002Fli>\n\u003Cli>Lightweight and optimized for optimal performance.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>SVG Sanitization is implemented using the following library: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\u003C\u002Fa>.\u003C\u002Fp>\n","Safely enable SVG uploads with sanitization and prevent XML\u002FSVG vulnerabilities on your WordPress website. 
Preview SVG files in your Media Library.",8760,"2025-12-03T15:44:00.000Z","5.7","7.1",[19,21,141,84,22],"svg-support","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupload-svg.1.0.3.zip",{"slug":144,"name":145,"version":146,"author":147,"author_profile":148,"description":149,"short_description":150,"active_installs":151,"downloaded":152,"rating":13,"num_ratings":13,"last_updated":153,"tested_up_to":154,"requires_at_least":138,"requires_php":155,"tags":156,"homepage":86,"download_link":159,"security_score":160,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"oh-my-svg","OH MY Svg","0.1.3","Erik","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodekraft\u002F","\u003Cp>This plugin provides a Svg Block to your block editor, this can be used with any svg icon or image (or even a html snippet). Some key features are provided like automatic markup sanitation, optimization (svgo), and small utility to change the color and the markup that will be very useful for you to create variations of your image.\u003C\u002Fp>\n\u003Cp>This block has the same controls as the images, but actually the content is xml markup, and you can change it as you like! This allows thousands of possibilities… You will be able to use css animations or js scripts to animate it, change the inner text of the svg, create variations of the same svg.\u003Cbr \u002F>\nHowever, this has the disadvantage that the svg will not be copied into the media library, so if you plan to use the same svg several times (buttons, icons, etc.) 
you are better off creating a reusable block\u003C\u002Fp>\n\u003Cp>From a performance point of view, be aware that the image will not be included as an external resource, but will instead be within the markup of the page, thus making svg even faster than it already is.\u003C\u002Fp>\n\u003Ch3>Svg are awesome because:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✌️ Are always super sharp!\u003C\u002Fli>\n\u003Cli>🪶 Incredibly lightweight and doesn’t require any additional resize image (you only need one source for all screen sizes and resolutions)\u003C\u002Fli>\n\u003Cli>⚡ Increased page performance! Using inline SVGs saves can save dozens of requests and save server download bandwith.\u003C\u002Fli>\n\u003Cli>🎉 highly customisable and animatable! Embedded svgs are easy to be animated, just use css!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cp>Since this plugin doesn’t enable uploads of svg images into media library could be considered safer than all the others that enable the upload.\u003Cbr \u002F>\nAs if that wasn’t enough Svg’s will be cleaned with DOM purify which indeed is a first class js purifier, those used in php try to mimic how it works.\u003C\u002Fp>\n\u003Cp>Svg will be included within the pages as xml fragments, so they will not be processed by imagemagick and cannot be uploaded by anyone from website “side”. 
Only those with permissions to use the editor will be allowed to ‘upload’ (or rather include) them.\u003C\u002Fp>\n\u003Ch4>Inspirations, links\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.slideshare.net\u002Fx00mario\u002Fthe-image-that-called-me\" rel=\"nofollow ugc\">Mario Heiderich the-image-that-called-me\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.fortinet.com\u002Fblog\u002Fthreat-research\u002Fscalable-vector-graphics-attack-surface-anatomy\" rel=\"nofollow ugc\">Fortinet – Anatomy of Scalable Vector Graphics (Svg) Attack Surface on the Web\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Resources\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>dompurify © 2015 Mario Heiderich, \u003Ca href=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fcure53\u002FDOMPurify\u002Fmain\u002FLICENSE\" rel=\"nofollow ugc\">Apache License Version 2.0\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>svgo © 2021 Kir Belevich, \u003Ca href=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fsvg\u002Fsvgo\u002Fmain\u002FLICENSE\" rel=\"nofollow ugc\">MIT License\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>We love your input! We want to make contributing to this project as easy and transparent as possible, whether it’s:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Reporting a bug\u003C\u002Fli>\n\u003Cli>Discussing the current state, features, improvements\u003C\u002Fli>\n\u003Cli>Submitting a fix 💯 or a new feature 🎉\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We use GitHub to host code, to track issues and feature requests, as well as accept pull requests.\u003Cbr \u002F>\nBy contributing, you agree that your contributions will be licensed under its GPLv3 License.\u003C\u002Fp>\n","Add any svg to your website with the superpowers of the block editor. 
Out-of-the-box security and speed optimization!",200,2938,"2023-02-06T15:08:00.000Z","6.1.10","7.1.0",[157,158,21,22,23],"blocks","icon","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foh-my-svg.0.1.3.zip",85,{"attackSurface":162,"codeSignals":194,"taintFlows":201,"riskAssessment":202,"analyzedAt":215},{"hooks":163,"ajaxHandlers":190,"restRoutes":191,"shortcodes":192,"cronEvents":193,"entryPointCount":13,"unprotectedCount":13},[164,170,175,179,182,186],{"type":165,"name":166,"callback":167,"file":168,"line":169},"action","plugins_loaded","init_plugin","includes\\SupportSvg.php",24,{"type":171,"name":172,"callback":173,"file":168,"line":174},"filter","upload_mimes","svg_modify_mimes",42,{"type":171,"name":176,"callback":177,"file":168,"line":178},"wp_handle_sideload_prefilter","check_for_svg",43,{"type":171,"name":180,"callback":177,"file":168,"line":181},"wp_handle_upload_prefilter",44,{"type":171,"name":183,"callback":184,"priority":78,"file":168,"line":185},"wp_check_filetype_and_ext","fix_mime_type_svg",45,{"type":165,"name":187,"callback":188,"file":168,"line":189},"admin_head","svg_thumbnail_support",47,[],[],[],[],{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":198,"fileOperations":27,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":200},[],{"prepared":13,"raw":13,"locations":197},[],{"escaped":13,"rawEcho":13,"locations":199},[],[],[],{"summary":203,"deductions":204},"The \"support-svg\" plugin v1.1.3 demonstrates a generally strong security posture in its static analysis.  It adheres to best practices by utilizing prepared statements for all SQL queries, ensuring proper output escaping, and having no identified critical or high severity taint flows. The absence of a significant attack surface with unprotected entry points is also a positive indicator. However, the plugin's vulnerability history is a significant concern.  
With two known medium severity CVEs, both Stored Cross-Site Scripting (XSS) via SVG file upload, the plugin has shown a pattern of vulnerabilities that allow script injection through uploaded files. The most recent was published in November 2024; the vulnerability record lists it as affecting versions up to and including 1.1.0 and patched in 1.1.1, so the current 1.1.3 release is outside the affected range and no unpatched issues are recorded. Two fixes for the same class of bug within a few months nevertheless suggest that SVG sanitization was hardened incrementally rather than comprehensively.\n\nWhile the current static analysis is clean, the historical vulnerability data strongly suggests that this plugin should be treated with caution. The two medium severity XSS vulnerabilities indicate a recurring weakness in input sanitization or output encoding; even if fixed in this specific version, similar flaws could remain in forms the static analysis does not catch, and the history raises the likelihood of future issues. Both issues required Author-level access or above, so exposure depends on who is allowed to upload media. The absence of capability checks and nonce checks on potential AJAX or REST API endpoints (though none are currently identified) leaves a theoretical gap for future vulnerabilities if these features are added without proper security controls. 
Therefore, despite the promising static analysis, the plugin's past security record necessitates a degree of skepticism and careful monitoring.",[205,208,210,213],{"reason":206,"points":207},"Two medium severity XSS vulnerabilities in history",15,{"reason":209,"points":78},"Historically prone to XSS, lack of recent patch",{"reason":211,"points":212},"No capability checks",5,{"reason":214,"points":212},"No nonce checks","2026-03-16T23:13:24.419Z",{"wat":217,"direct":226},{"assetPaths":218,"generatorPatterns":221,"scriptPaths":222,"versionParams":223},[219,220],"\u002Fwp-content\u002Fplugins\u002Fsupport-svg\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fsupport-svg\u002Fassets\u002Fjs\u002Fadmin.js",[],[220],[224,225],"support-svg\u002Fassets\u002Fcss\u002Fadmin.css?ver=","support-svg\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":227,"htmlComments":228,"htmlAttributes":229,"restEndpoints":230,"jsGlobals":231,"shortcodeOutput":232},[],[],[],[],[],[],{"error":234,"url":235,"statusCode":236,"statusMessage":237,"message":237},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsupport-svg\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":212,"versions":239},[240,245,252,258,265],{"version":6,"download_url":25,"svn_tag_url":241,"released_at":37,"has_diff":49,"diff_files_changed":242,"diff_lines":37,"trac_diff_url":243,"vulnerabilities":244,"is_current":234},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsupport-svg\u002Ftags\u002F1.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsupport-svg%2Ftags%2F1.1.2&new_path=%2Fsupport-svg%2Ftags%2F1.1.3",[],{"version":246,"download_url":247,"svn_tag_url":248,"released_at":37,"has_diff":49,"diff_files_changed":249,"diff_lines":37,"trac_diff_url":250,"vulnerabilities":251,"is_current":49},"1.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsupport-svg.1.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsupport-svg\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsupport-svg%2Ftags%2F1.1.1&new_path=%2Fsupport-svg%2Ftags%2F1.1.2",[],{"version":39,"download_url":253,"svn_tag_url":254,"released_at":37,"has_diff":49,"diff_files_changed":255,"diff_lines":37,"trac_diff_url":256,"vulnerabilities":257,"is_current":49},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsupport-svg.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsupport-svg\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsupport-svg%2Ftags%2F1.1.0&new_path=%2Fsupport-svg%2Ftags%2F1.1.1",[],{"version":56,"download_url":259,"svn_tag_url":260,"released_at":37,"has_diff":49,"diff_files_changed":261,"diff_lines":37,"trac_diff_url":262,"vulnerabilities":263,"is_current":49},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsupport-svg.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsupport-svg\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsupport-svg%2Ftags%2F1.0.0&new_path=%2Fsupport-
svg%2Ftags%2F1.1.0",[264],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":266,"download_url":267,"svn_tag_url":268,"released_at":37,"has_diff":49,"diff_files_changed":269,"diff_lines":37,"trac_diff_url":37,"vulnerabilities":270,"is_current":49},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsupport-svg.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsupport-svg\u002Ftags\u002F1.0.0\u002F",[],[271,272],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"id":51,"url_slug":52,"title":53,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":56}]