[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhirhzFTTNRDfVE2V4MEzTMIwsh1bEayu9DL_fBNeN54":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":110,"crawl_stats":38,"alternatives":118,"analysis":215,"fingerprints":394},"svg-support","SVG Support","2.5.14","Benbodhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenbodhi\u002F","\u003Cp>\u003Cstrong>The complete SVG solution for WordPress – secure, flexible, and easy to use.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SVG Support enables secure SVG uploads with powerful features for both basic users and developers:\u003C\u002Fp>\n\u003Cp>✨ \u003Cstrong>Key Features\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Secure SVG uploads with automatic sanitization\u003Cbr \u002F>\n– Inline rendering for direct CSS\u002FJS manipulation\u003Cbr \u002F>\n– File size optimization through minification\u003Cbr \u002F>\n– Role-based access control\u003Cbr \u002F>\n– Advanced developer options\u003Cbr \u002F>\n– Multisite compatible\u003Cbr \u002F>\n– Full Block Editor (Gutenberg) compatibility\u003C\u002Fp>\n\u003Cp>🔒 \u003Cstrong>Security First\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Built-in sanitization removes potentially harmful code\u003Cbr \u002F>\n– Role-based upload restrictions\u003Cbr \u002F>\n– Comprehensive MIME type validation\u003C\u002Fp>\n\u003Cp>🎨 \u003Cstrong>Designer Friendly\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Direct styling of SVG elements\u003Cbr \u002F>\n– Animation support\u003Cbr \u002F>\n– Custom class targeting\u003Cbr \u002F>\n– Automatic dimension handling\u003C\u002Fp>\n\u003Cp>💻 \u003Cstrong>Developer Ready\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Advanced mode for additional features\u003Cbr \u002F>\n– REST API support\u003Cbr \u002F>\n– Gutenberg compatible\u003Cbr \u002F>\n– Extensive hooks and filters\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Basic Usage\u003C\u002Fstrong>:\u003Cbr \u002F>\n– First, install and activate SVG Support via your WordPress dashboard\u003Cbr \u002F>\n– Upload SVG files to your media library like any other image\u003Cbr \u002F>\n– Works seamlessly with Image blocks, Cover blocks and featured images\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Usage\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Enable “Advanced Mode” for minification and inline rendering\u003Cbr \u002F>\n– Customize with hooks and filters for tailored functionality\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block Editor Usage\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Use Advanced Mode to enable inline rendering:\u003Cbr \u002F>\n  – Add the \u003Ccode>\"style-svg\"\u003C\u002Fcode> class to Image blocks\u003Cbr \u002F>\n  – Add the \u003Ccode>\"style-svg\"\u003C\u002Fcode> class to Cover blocks to render SVG backgrounds inline\u003Cbr \u002F>\n– Use “Skip Nested SVGs” setting to control inline rendering of SVGs within Cover blocks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Classic Editor Usage\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Use Advanced Mode to add the \u003Ccode>\"style-svg\"\u003C\u002Fcode> class to \u003Ccode>\u003Cimg>\u003C\u002Fcode> tags for inline rendering\u003Cbr \u002F>\n– Enable “Auto Insert Class” option for automatic class insertion in Classic Editor\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Common Issues & Solutions\u003C\u002Fstrong>:\u003Cbr \u002F>\n– SVG not displaying? Ensure dimensions are set in CSS.\u003Cbr \u002F>\n– Need help? Use the support tab and I will do my best to assist you.\u003C\u002Fp>\n\u003Ch3>Spin up a test site\u003C\u002Fh3>\n\u003Cp>With a single click, you can spin up a completely free test site to test SVG Support using TasteWP! No sign up, no cards, nothing! How cool is that? Give it a go:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Ftastewp.com\u002Fnew?pre-installed-plugin-slug=svg-support&redirect=options-general.php%3Fpage%3Dsvg-support&ni=true\" rel=\"nofollow ugc\">Click Here to spin up a test site in seconds\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>SVG Support prioritizes security with automatic sanitization and role-based restrictions. Only trusted users should have upload permissions. Configure settings to balance functionality and security.\u003C\u002Fp>\n\u003Ch3>Feedback\u003C\u002Fh3>\n\u003Cp>I’m open to your \u003Ca href=\"mailto:wp@benbodhi.com\" rel=\"nofollow ugc\">suggestions and feedback\u003C\u002Fa> – Thanks for using SVG Support!\u003C\u002Fp>\n\u003Cp>Follow \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fsvgsupport\" rel=\"nofollow ugc\">@SVGSupport\u003C\u002Fa> on Twitter\u003Cbr \u002F>\nFollow \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fbenbodhi\" rel=\"nofollow ugc\">@benbodhi\u003C\u002Fa> on Twitter\u003Cbr \u002F>\nFollow \u003Ca href=\"https:\u002F\u002Fwarpcast.com\u002Fbenbodhi\" rel=\"nofollow ugc\">@benbodhi\u003C\u002Fa> on Warpcast\u003C\u002Fp>\n\u003Cp>\u003Cem>Note:\u003C\u002Fem> I hope you like this plugin! Please take a moment to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fsvg-support?filter=5#postform\" rel=\"ugc\">rate it\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Development & Contributing\u003C\u002Fh3>\n\u003Cp>The development version of SVG Support is maintained on GitHub. Feel free to contribute:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Submit bug reports or feature suggestions: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbodhi\u002Fsvg-support\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Contribute code via \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbodhi\u002Fsvg-support\u002Fpulls\" rel=\"nofollow ugc\">Pull Requests\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Development repository: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbodhi\u002Fsvg-support\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Contribute translations \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsvg-support\" rel=\"nofollow ugc\">here\u003C\u002Fa>. New to translating? Check the \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fpolyglots\u002Fhandbook\u002Ftools\u002Fglotpress-translate-wordpress-org\u002F\" rel=\"nofollow ugc\">Translator Handbook\u003C\u002Fa>.\u003C\u002Fp>\n","Securely upload SVG files to your media library, with built-in sanitization and advanced features for styling and animation.",1000000,12632236,96,354,"2025-02-25T08:34:00.000Z","6.7.5","5.8","7.4",[20,21,22,23,24],"mime-type","safe-svg","sanitization","svg","vector","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsvg-support\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsvg-support.2.5.14.zip",89,6,0,"2025-02-24 00:00:00","2026-03-15T15:16:48.613Z",[33,49,62,74,86,97],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2022-23638","svg-support-stored-cross-site-scripting-via-vulnerability-dependency","SVG Support \u003C= 2.5.8 - Stored Cross-Site Scripting via Vulnerability Dependency","The SVG Support plugin for WordPress is running a vulnerable dependency (svg-sanitize, 0.14.1) in all versions up to, and including, 2.5.8. The vulnerable dependency has a Stored Cross-Site Scripting vulnerability due to insufficient SVG sanitization. The SVG Support plugin may be exploited if the uploaded SVG image is included in line in an HTML page.",null,"\u003C=2.5.8","2.5.9","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-02-24 22:55:13",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff6a41a90-d116-4cb5-9627-08eb70f9654d?source=api-prod",1,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":44,"published_date":58,"updated_date":59,"references":60,"days_to_patch":48},"CVE-2024-10222","svg-support-authenticated-author-stored-cross-site-scripting-via-svg-file-upload","SVG Support \u003C= 2.5.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload","The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to upload SVG files can be extended to authors.","\u003C=2.5.10","2.5.11",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2025-02-21 00:37:00","2025-02-21 13:41:31",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5852f08d-0506-464e-afd1-c625e4034e1d?source=api-prod",{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":38,"affected_versions":67,"patched_in_version":68,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":69,"updated_date":70,"references":71,"days_to_patch":73},"CVE-2023-6708","svg-support-authenticated-author-cross-site-scripting-via-svg","SVG Support \u003C= 2.5.7 - Authenticated (Author+) Cross-Site Scripting via SVG","The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping, even when the 'Sanitize SVG while uploading' feature is enabled. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that successful exploitation of this vulnerability requires the administrator to allow author-level users to upload SVG files. As of 2.5.6, SVG sanitization can still be bypassed by supplying a content-type other than image\u002Fsvg+xml.","\u003C=2.5.7","2.5.8","2024-07-17 00:00:00","2024-08-15 14:17:41",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F72bcfd2a-6803-4073-8fa9-62bcf0a10571?source=api-prod",30,{"id":75,"url_slug":76,"title":77,"description":78,"plugin_slug":4,"theme_slug":38,"affected_versions":79,"patched_in_version":80,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":44,"published_date":81,"updated_date":82,"references":83,"days_to_patch":85},"CVE-2022-4022","svg-support-insecure-plugin-defaults-to-cross-site-scripting","SVG Support 2.5 - 2.5.1 - Insecure Plugin Defaults to Cross-Site Scripting","The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged users. Additionally, the embedded JavaScript is also triggered on visiting the image URL, which allows an attacker to execute malicious code in browsers visiting that URL.",">=2.5 \u003C=2.5.1","2.5.2","2022-11-16 00:00:00","2024-01-22 19:56:02",[84],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fddcf7901-e9cf-4ca0-87ae-70ecac09d102?source=api-prod",433,{"id":87,"url_slug":88,"title":89,"description":90,"plugin_slug":4,"theme_slug":38,"affected_versions":91,"patched_in_version":92,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":44,"published_date":93,"updated_date":82,"references":94,"days_to_patch":96},"CVE-2022-1755","svg-support-authenticated-author-stored-cross-site-scripting","SVG Support \u003C= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting","The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockip’ parameter in versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.4.2","2.5","2022-09-05 00:00:00",[95],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F250edcf8-b56e-4714-9207-25bab2adaf9c?source=api-prod",505,{"id":98,"url_slug":99,"title":100,"description":101,"plugin_slug":4,"theme_slug":38,"affected_versions":102,"patched_in_version":103,"severity":41,"cvss_score":104,"cvss_vector":105,"vuln_type":44,"published_date":106,"updated_date":82,"references":107,"days_to_patch":109},"CVE-2021-24686","svg-support-admin-cross-site-scripting","SVG Support \u003C= 2.3.19 Admin+ Cross-Site Scripting","The SVG Support WordPress plugin before 2.3.20 does not escape the \"CSS Class to target\" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.","\u003C=2.3.19","2.3.20",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2022-01-03 00:00:00",[108],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9e9fcaf5-d531-4b14-b8b1-d8090243cf0c?source=api-prod",750,{"slug":111,"display_name":7,"profile_url":8,"plugin_count":112,"total_installs":113,"avg_security_score":114,"avg_patch_time_days":115,"trust_score":116,"computed_at":117},"benbodhi",2,1001000,91,287,73,"2026-04-03T23:04:31.557Z",[119,140,161,178,199],{"slug":21,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":11,"downloaded":126,"rating":127,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":18,"tags":132,"homepage":136,"download_link":137,"security_score":138,"vuln_count":28,"unpatched_count":29,"last_vuln_date":139,"fetched_at":31},"Safe SVG","2.4.0","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Safe SVG is the best way to Allow SVG Uploads in WordPress!\u003C\u002Fp>\n\u003Cp>It gives you the ability to allow SVG uploads whilst making sure that they’re sanitized to stop SVG\u002FXML vulnerabilities affecting your site.  It also gives you the ability to preview your uploaded SVGs in the media library in all views.\u003C\u002Fp>\n\u003Ch4>Current Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sanitised SVGs\u003C\u002Fstrong> – Don’t open up security holes in your WordPress site by allowing uploads of unsanitised files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SVGO Optimisation\u003C\u002Fstrong> – Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code: \u003Ccode>add_filter( 'safe_svg_optimizer_enabled', '__return_true' );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View SVGs in the Media Library\u003C\u002Fstrong> – Gone are the days of guessing which SVG is the correct one, we’ll enable SVG previews in the WordPress media library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose Who Can Upload\u003C\u002Fstrong> – Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Initially a proof of concept for \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F24251\" rel=\"nofollow ugc\">#24251\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>SVG Sanitization is done through the following library: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>SVG Optimization is done through the following library: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsvg\u002Fsvgo\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fsvg\u002Fsvgo\u003C\u002Fa>.\u003C\u002Fp>\n","Enable SVG uploads and sanitize them to stop XML\u002FSVG vulnerabilities in your WordPress website.",12729263,98,77,"2026-01-04T21:05:00.000Z","6.9.4","6.6",[133,134,135,23,24],"media","mime","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsafe-svg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-svg.2.4.0.zip",94,"2024-10-17 00:00:00",{"slug":141,"name":142,"version":143,"author":144,"author_profile":145,"description":146,"short_description":147,"active_installs":148,"downloaded":149,"rating":150,"num_ratings":151,"last_updated":152,"tested_up_to":130,"requires_at_least":153,"requires_php":154,"tags":155,"homepage":157,"download_link":158,"security_score":159,"vuln_count":112,"unpatched_count":29,"last_vuln_date":160,"fetched_at":31},"wp-svg-images","WP SVG Images","4.4","ShortPixel","https:\u002F\u002Fprofiles.wordpress.org\u002Fshortpixel\u002F","\u003Cp>\u003Cstrong>Securely upload SVG files to your Media Library. Uploaded SVG files are automatically sanitized.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SVG stands for \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FScalable_Vector_Graphics\" rel=\"nofollow ugc\">Scalable Vector Graphics\u003C\u002Fa> and is probably the most efficient way to display images.\u003Cbr \u002F>\nWP SVG Images Plugin is an \u003Cstrong>easy-to-use and lightweight plugin\u003C\u002Fstrong> that allows you to upload SVG files to your media library safely and easily.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Support for SVG uploads to your Media Library.\u003C\u002Fli>\n\u003Cli>Sanitize uploaded SVG files. Malicious SVG\u002FXML files are rejected from upload.\u003C\u002Fli>\n\u003Cli>Admin configurable SVG support for different user roles. Ability to disable SVG upload for different user roles.\u003C\u002Fli>\n\u003Cli>Different user roles can upload and\u002For sanitize the uploaded SVG images.\u003C\u002Fli>\n\u003Cli>SVG preview in Media Library.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>24\u002F7 SVG support offered by \u003Ca href=\"https:\u002F\u002Fshortpixel.com\" rel=\"nofollow ugc\">ShortPixel\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fshortpixel.com\u002Fcontact\" rel=\"nofollow ugc\">here\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-svg-images\u002F\" rel=\"ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Recommended plugins\u003C\u002Fh4>\n\u003Cp>This plugin is supported & maintained by \u003Ca href=\"https:\u002F\u002Fshortpixel.com\u002F\" rel=\"nofollow ugc\">ShortPixel\u003C\u002Fa>.\u003Cbr \u002F>\nOther popular plugins by ShortPixel:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffastpixel-website-accelerator\u002F\" rel=\"ugc\">FastPixel Caching\u003C\u002Fa> – WP Optimization made easy\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortpixel-image-optimiser\u002F\" rel=\"ugc\">ShortPixel Image Optimizer\u003C\u002Fa> – Image optimization & compression for all the images on your website, including WebP delivery – ShortPixel Image Optimizer.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortpixel-adaptive-images\u002F\" rel=\"ugc\">ShortPixel Adaptive Images\u003C\u002Fa> – On-the-fly image optimization & CDN delivery.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-media-replace\u002F\" rel=\"ugc\">Enable Media Replace\u003C\u002Fa> – Easily replace images or files in Media Library.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fregenerate-thumbnails-advanced\u002F\" rel=\"ugc\">reGenerate Thumbnails Advanced\u003C\u002Fa> – Easily regenerate thumbnails.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fresize-image-after-upload\u002F\" rel=\"ugc\">Resize Image After Upload\u003C\u002Fa> – Automatically resize each uploaded image.\u003C\u002Fp>\n\u003Ch3>Hooks for developers\u003C\u002Fh3>\n\u003Ch4>WPSVG_setAllowedTags\u003C\u002Fh4>\n\u003Cp>Allows you to specify more tags that will be not removed during sanitization\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'WPSVG_setAllowedTags', 'my_custom_allowed_svg_tags', 10, 1 );\nfunction my_custom_allowed_svg_tags( $tags ){\n    $tags[] = 'path';\n    return $tags;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPSVG_setAllowedAttrs\u003C\u002Fh4>\n\u003Cp>Allows you to specify more attributes that will be not removed during sanitization\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'WPSVG_setAllowedAttrs', 'my_custom_allowed_svg_attributes', 10, 1 );\nfunction my_custom_allowed_svg_attributes( $attributes ){\n    $attributes[] = 'fill';\n    return $attributes;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Add SVG support to your WP website. Securely upload SVG files, automatic sanitization, Media Library preview.",30000,304959,100,12,"2025-12-10T11:53:00.000Z","3.0.1","5.6.40",[22,23,4,156],"svg-upload","https:\u002F\u002Fshortpixel.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-svg-images.4.4.zip",99,"2024-06-20 00:00:00",{"slug":162,"name":163,"version":164,"author":163,"author_profile":165,"description":166,"short_description":167,"active_installs":168,"downloaded":169,"rating":150,"num_ratings":112,"last_updated":170,"tested_up_to":130,"requires_at_least":171,"requires_php":172,"tags":173,"homepage":175,"download_link":176,"security_score":127,"vuln_count":112,"unpatched_count":29,"last_vuln_date":177,"fetched_at":31},"svgator","SVGator","1.3.5","https:\u002F\u002Fprofiles.wordpress.org\u002Fsvgator\u002F","\u003Cp>Import your SVG files created in \u003Ca href=\"https:\u002F\u002Fwww.svgator.com\" rel=\"nofollow ugc\">SVGator\u003C\u002Fa> to your WordPress media library and use them as normal image files. This plugin lets you comfortably access all your animation projects and makes it super-easy to add them to your page. You are free to choose an SVG with either CSS or JavaScript as the animation type.\u003C\u002Fp>\n\u003Cp>Scalable Vector Graphics (SVG) are constantly growing in popularity due to their scalability, small size, and responsiveness. They are ideal for illustrations like logos, icons, buttons, and graphs. Animated SVG files make your page unique, interactive, and look crisp on any device.\u003C\u002Fp>\n\u003Cp>SVGator is an incredibly useful and innovative SVG animation tool that lets you create stunning SVG animations without any coding skills. Import your SVG and choose from a series of advanced animator tools that let you generate amazing animations in just minutes. Spice up your website or blog with impressive SVG animations to increase user engagement. The user-friendly drag and drop interface simplifies the animation process and the code is automatically generated either in CSS or in Javascript.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>You can check out our documentation with screenshots on our help page: \u003Ca href=\"https:\u002F\u002Fwww.svgator.com\u002Fhelp\u002Fgetting-started\u002Fwordpress-svgator-plugin\" rel=\"nofollow ugc\">How to use SVGator Plugin for WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Before starting to use the WordPress plug-in, you will have to sign up for the SVGator app. After creating an account, you can import your SVG files and start working on them to turn your static designs into dynamic and interactive animations.\u003C\u002Fp>\n\u003Cp>When you are done with the animation, you can fully benefit from the plugin. There is no need to export or convert your work, just follow these simple steps:\u003Cbr \u002F>\n1.  Find and install the SVGator plugin\u003Cbr \u002F>\n2.  Activate the plugin\u003Cbr \u002F>\n3.  Log in to load your projects from SVGator and authorize the app\u003Cbr \u002F>\n4.  Select an animation project from your SVGator library and add it to the media library\u003Cbr \u002F>\n5.  Add an animated SVG block to your post or page by clicking the SVGator icon on the \u003Ccode>new block\u003C\u002Fcode> tool.\u003Cbr \u002F>\n6.  Select the animated SVG from the media library and scale it to any size without losing quality\u003Cbr \u002F>\n7.  Alternatively, you can import your SVGs directly on the media library box, under “Import from SVGator” tab\u003C\u002Fp>\n\u003Cp>You can also use the animations inside widgets by simply adding the \u003Ccode>SVGator\u003C\u002Fcode> widget to your sidebars or footers.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> When you import your animation to the page, you may find it in a  tag in the editor, but you don’t have to worry about this. Although theoretically, this would mean that the animation might not work the same as in SVGator, (especially if it’s an interactive SVG), in preview mode you will already find it inline and it will work perfectly.\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>By authorizing the plugin you acknowledge that WordPress will have access to your SVGator library and is enabled to list and export the animations created in your account.\u003C\u002Fp>\n\u003Cp>You can remove the plugin at any time by clicking on SVGator’s Account settings under your name, then choosing the 3rd Party Apps tab and deleting the plugin. If you would like to add it back, you will have to follow the steps presented above.\u003C\u002Fp>\n\u003Ch3>Feedback\u003C\u002Fh3>\n\u003Cp>We are always open to your feedback, questions, and suggestions. Email us at \u003Ca href=\"mailto:contact@svgator.com\" rel=\"nofollow ugc\">contact@svgator.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>We hope you find this plugin useful. Please take a moment to rate it \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsvgator\u002F\" rel=\"ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Disclosure\u003C\u002Fh3>\n\u003Cp>This plugin is relying on SVGator.com as a 3rd party service.\u003Cbr \u002F>\nAll SVGs loaded using this plugin will be done via API requests to SVGator.com.\u003C\u002Fp>\n\u003Cp>Service URL: [https:\u002F\u002Fwww.svgator.com\u002F]\u003C\u002Fp>\n\u003Cp>Service API: [https:\u002F\u002Fgithub.com\u002FSVGator\u002FSDK\u002F]\u003C\u002Fp>\n\u003Cp>Terms of service: [https:\u002F\u002Fwww.svgator.com\u002Fterms-of-service]\u003C\u002Fp>\n\u003Cp>Privacy policy: [https:\u002F\u002Fwww.svgator.com\u002Fprivacy-policy]\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>SVGator.com WordPress Plugin\u003Cbr \u002F>\nCopyright (C) 2020,2021,2022,2023,2024 SVGator.com\u003C\u002Fp>\n\u003Cp>This program is free software: you can redistribute it and\u002For modify\u003Cbr \u002F>\nit under the terms of the GNU General Public License as published by\u003Cbr \u002F>\nthe Free Software Foundation, either version 2 of the License, or\u003Cbr \u002F>\n(at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\u003Cbr \u002F>\nGNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License\u003Cbr \u002F>\nalong with this program.  If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>\u003Cbr \u002F>\nor write to the Free Software Foundation, Inc.,\u003Cbr \u002F>\n51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\u003C\u002Fp>\n","The easiest way to add SVG animations to your website right from your SVGator account.",1000,24717,"2026-01-22T12:00:00.000Z","5.0","7.0",[23,174],"vector-image","https:\u002F\u002Fwww.svgator.com\u002Fhelp\u002Fgetting-started\u002Fhow-to-add-svg-to-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsvgator.1.3.5.zip","2024-05-24 00:00:00",{"slug":179,"name":180,"version":181,"author":182,"author_profile":183,"description":184,"short_description":185,"active_installs":186,"downloaded":187,"rating":29,"num_ratings":29,"last_updated":188,"tested_up_to":189,"requires_at_least":190,"requires_php":191,"tags":192,"homepage":196,"download_link":197,"security_score":198,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"oh-my-svg","OH MY Svg","0.1.3","Erik","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodekraft\u002F","\u003Cp>This plugin provides a Svg Block to your block editor, this can be used with any svg icon or image (or even a html snippet). Some key features are provided like automatic markup sanitation, optimization (svgo), and small utility to change the color and the markup that will be very useful for you to create variations of your image.\u003C\u002Fp>\n\u003Cp>This block has the same controls as the images, but actually the content is xml markup, and you can change it as you like! This allows thousands of possibilities… You will be able to use css animations or js scripts to animate it, change the inner text of the svg, create variations of the same svg.\u003Cbr \u002F>\nHowever, this has the disadvantage that the svg will not be copied into the media library, so if you plan to use the same svg several times (buttons, icons, etc.) you are better off creating a reusable block\u003C\u002Fp>\n\u003Cp>From a performance point of view, be aware that the image will not be included as an external resource, but will instead be within the markup of the page, thus making svg even faster than it already is.\u003C\u002Fp>\n\u003Ch3>Svg are awesome because:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✌️ Are always super sharp!\u003C\u002Fli>\n\u003Cli>🪶 Incredibly lightweight and doesn’t require any additional resize image (you only need one source for all screen sizes and resolutions)\u003C\u002Fli>\n\u003Cli>⚡ Increased page performance! Using inline SVGs saves can save dozens of requests and save server download bandwith.\u003C\u002Fli>\n\u003Cli>🎉 highly customisable and animatable! Embedded svgs are easy to be animated, just use css!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cp>Since this plugin doesn’t enable uploads of svg images into media library could be considered safer than all the others that enable the upload.\u003Cbr \u002F>\nAs if that wasn’t enough Svg’s will be cleaned with DOM purify which indeed is a first class js purifier, those used in php try to mimic how it works.\u003C\u002Fp>\n\u003Cp>Svg will be included within the pages as xml fragments, so they will not be processed by imagemagick and cannot be uploaded by anyone from website “side”. Only those with permissions to use the editor will be allowed to ‘upload’ (or rather include) them.\u003C\u002Fp>\n\u003Ch4>Inspirations, links\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.slideshare.net\u002Fx00mario\u002Fthe-image-that-called-me\" rel=\"nofollow ugc\">Mario Heiderich the-image-that-called-me\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.fortinet.com\u002Fblog\u002Fthreat-research\u002Fscalable-vector-graphics-attack-surface-anatomy\" rel=\"nofollow ugc\">Fortinet – Anatomy of Scalable Vector Graphics (Svg) Attack Surface on the Web\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Resources\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>dompurify © 2015 Mario Heiderich, \u003Ca href=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fcure53\u002FDOMPurify\u002Fmain\u002FLICENSE\" rel=\"nofollow ugc\">Apache License Version 2.0\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>svgo © 2021 Kir Belevich, \u003Ca href=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fsvg\u002Fsvgo\u002Fmain\u002FLICENSE\" rel=\"nofollow ugc\">MIT License\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>We love your input! We want to make contributing to this project as easy and transparent as possible, whether it’s:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Reporting a bug\u003C\u002Fli>\n\u003Cli>Discussing the current state, features, improvements\u003C\u002Fli>\n\u003Cli>Submitting a fix 💯 or a new feature 🎉\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We use GitHub to host code, to track issues and feature requests, as well as accept pull requests.\u003Cbr \u002F>\nBy contributing, you agree that your contributions will be licensed under its GPLv3 License.\u003C\u002Fp>\n","Add any svg to your website with the superpowers of the block editor. Out-of-the-box security and speed optimization!",200,2861,"2023-02-06T15:08:00.000Z","6.1.10","5.7","7.1.0",[193,194,23,195,24],"blocks","icon","upload","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foh-my-svg.0.1.3.zip",85,{"slug":200,"name":201,"version":202,"author":203,"author_profile":204,"description":205,"short_description":206,"active_installs":150,"downloaded":207,"rating":150,"num_ratings":208,"last_updated":209,"tested_up_to":210,"requires_at_least":171,"requires_php":172,"tags":211,"homepage":213,"download_link":214,"security_score":150,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"svg-editor","SVG Editor: Upload & Change Colors","1.1","Digages","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigages\u002F","\u003Cp>SVG Editor adds native support for uploading and editing SVG (Scalable Vector Graphics) directly within your WordPress Media Library. Easily change the colors of your favorite icons, images, and vector assets without needing any external design software.\u003C\u002Fp>\n\u003Cp>Whether you’re a web designer, developer, or content creator, SVG Editor is here to simplify your workflow and save you time.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enable SVG Uploads\u003C\u002Fstrong>: Allows you to safely upload SVG files to your WordPress site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View SVGs in Media Library\u003C\u002Fstrong>: Preview your SVG files directly within the WordPress Media Library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Native WordPress Integration\u003C\u002Fstrong>: Works seamlessly within the WordPress Media Library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Color Editing\u003C\u002Fstrong>: Change SVG colors with our intuitive interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sanitized SVGs\u003C\u002Fstrong>: Automatically cleans SVG code to prevent security risks and ensure safe usage.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Preserves SVG Integrity\u003C\u002Fstrong>: Maintains the scalability and quality of your vector graphics.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile Responsive\u003C\u002Fstrong>: Easily edit SVG on the go.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>About Digages:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SVG Editor is a free and open-source plugin developed and maintained by \u003Ca href=\"https:\u002F\u002Fdigages.com\u002F\" rel=\"nofollow ugc\">Digages\u003C\u002Fa>. We’re committed to creating tools that make WordPress more powerful and easier to use.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdigages.com\u002Fdonate\u002F\" rel=\"nofollow ugc\">Donate Now\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdigages.com\u002F\" rel=\"nofollow ugc\">Visit Website\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Other Plugins by Digages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdirect-payments-for-woocommerce\u002F\" rel=\"ugc\">Direct Payment for Woocommerce\u003C\u002Fa>: Direct Payments for WooCommerce makes it easy for WooCommerce store owners to accept payments directly through local and global methods with 0.0% transaction fees. Enable direct payments from your customers via bank transfers, mobile money, crypto and peer-to-peer platforms like Zelle, Venmo, Cash App e.t.c\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdirect-payments-wp\u002F\" rel=\"ugc\">Direct Payment WP\u003C\u002Fa>: Direct Payments WP is the ultimate plugin for WordPress users who want a simple and flexible way to accept payments. Whether you’re a freelancer, a small business owner, or running a membership site, Direct Payments WP empowers you to accept payments directly using customizable forms, invoices and pages.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External API Notice\u003C\u002Fh3>\n\u003Cp>This plugin optionally connects to an external API to fetch additional plugin listings. The core functionality of the plugin is fully independent and remains unaffected if the API is not used.\u003C\u002Fp>\n\u003Cp>We value user privacy and ensure that no personal or sensitive data is sent to the external API.\u003C\u002Fp>\n","SVG Editor lets you upload SVG files and change their colors directly within the WordPress Media Library.",1048,3,"2025-07-07T14:30:00.000Z","6.8.5",[212,133,134,23,24],"editor","https:\u002F\u002Fdigages.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsvg-editor.1.1.zip",{"attackSurface":216,"codeSignals":369,"taintFlows":384,"riskAssessment":385,"analyzedAt":393},{"hooks":217,"ajaxHandlers":358,"restRoutes":366,"shortcodes":367,"cronEvents":368,"entryPointCount":112,"unprotectedCount":29},[218,224,228,231,234,239,245,250,254,258,262,266,270,274,278,283,288,291,295,298,302,305,310,314,318,322,325,330,334,337,339,342,346,351,355],{"type":219,"name":220,"callback":221,"file":222,"line":223},"action","admin_menu","bodhi_svgs_admin_menu","admin\\admin-init.php",28,{"type":219,"name":225,"callback":226,"file":222,"line":227},"admin_init","bodhi_svgs_register_settings",93,{"type":219,"name":225,"callback":229,"file":222,"line":230},"bodhi_svgs_remove_old_sanitize_setting",108,{"type":219,"name":225,"callback":232,"file":222,"line":233},"bodhi_svgs_advanced_mode",129,{"type":235,"name":236,"callback":237,"file":222,"line":238},"filter","admin_footer_text","bodhi_svgs_admin_footer_text",240,{"type":235,"name":240,"callback":241,"priority":242,"file":243,"line":244},"plugin_row_meta","bodhi_svgs_plugin_meta_links",10,"admin\\plugin-action-meta-links.php",45,{"type":235,"name":246,"callback":247,"priority":242,"file":248,"line":249},"wp_prepare_attachment_for_js","bodhi_svgs_response_for_svg","functions\\attachment.php",50,{"type":235,"name":251,"callback":252,"priority":242,"file":248,"line":253},"wp_generate_attachment_metadata","bodhi_svgs_generate_svg_attachment_metadata",198,{"type":235,"name":255,"callback":256,"file":248,"line":257},"wp_handle_upload_prefilter","bodhi_svgs_sanitize_svg",400,{"type":235,"name":259,"callback":260,"file":248,"line":261},"wp_calculate_image_srcset","bodhi_svgs_disable_srcset",457,{"type":235,"name":263,"callback":264,"priority":242,"file":248,"line":265},"wp_get_attachment_image_src","bodhi_svgs_dimension_fallback",489,{"type":235,"name":267,"callback":268,"priority":242,"file":248,"line":269},"rest_pre_upload_file","bodhi_svgs_rest_pre_upload",516,{"type":235,"name":271,"callback":272,"file":248,"line":273},"wp_handle_upload","bodhi_svgs_handle_upload_check",525,{"type":235,"name":275,"callback":276,"priority":242,"file":248,"line":277},"rest_insert_attachment","bodhi_svgs_rest_insert_attachment",563,{"type":235,"name":279,"callback":280,"priority":242,"file":281,"line":282},"image_send_to_editor","bodhi_svgs_auto_insert_class","functions\\attribute-control.php",54,{"type":219,"name":284,"callback":285,"file":286,"line":287},"admin_enqueue_scripts","bodhi_svgs_admin_css","functions\\enqueue.php",31,{"type":219,"name":284,"callback":289,"file":286,"line":290},"bodhi_svgs_admin_multiselect",48,{"type":219,"name":292,"callback":293,"file":286,"line":294},"enqueue_block_editor_assets","bodhi_svgs_block_editor",60,{"type":219,"name":296,"callback":297,"file":286,"line":116},"wp_enqueue_scripts","bodhi_svgs_frontend_css",{"type":219,"name":296,"callback":299,"priority":300,"file":286,"line":301},"bodhi_svgs_frontend_js",9,87,{"type":219,"name":296,"callback":303,"file":286,"line":304},"bodhi_svgs_inline",145,{"type":235,"name":306,"callback":307,"file":308,"line":309},"admin_post_thumbnail_html","bodhi_svgs_featured_image_meta","functions\\featured-image.php",39,{"type":219,"name":311,"callback":312,"priority":242,"file":308,"line":313},"save_post","bodhi_svgs_save_featured_image_meta",75,{"type":219,"name":315,"callback":316,"file":308,"line":317},"init","bodhi_svgs_register_meta",90,{"type":235,"name":319,"callback":320,"file":308,"line":321},"post_thumbnail_html","bodhi_svgs_add_class_to_thumbnail",117,{"type":219,"name":315,"callback":323,"file":324,"line":300},"bodhi_svgs_localization","functions\\localization.php",{"type":235,"name":326,"callback":327,"priority":159,"file":328,"line":329},"upload_mimes","bodhi_svgs_upload_mimes","functions\\mime-types.php",47,{"type":235,"name":331,"callback":332,"priority":242,"file":328,"line":333},"wp_check_filetype_and_ext","bodhi_svgs_upload_check",69,{"type":235,"name":331,"callback":335,"priority":242,"file":328,"line":336},"bodhi_svgs_allow_svg_upload",97,{"type":235,"name":326,"callback":338,"priority":127,"file":328,"line":321},"bodhi_svgs_multisite_settings",{"type":219,"name":225,"callback":340,"file":341,"line":300},"bodhi_svgs_display_thumbs","functions\\thumbnail-display.php",{"type":235,"name":343,"callback":344,"file":341,"line":345},"final_output","bodhi_svgs_final_output",22,{"type":219,"name":347,"callback":348,"file":349,"line":350},"admin_notices","closure","includes\\svg-tags.php",29,{"type":219,"name":352,"callback":353,"file":354,"line":333},"pmxi_attachment_uploaded","bodhi_svgs_wpallimport_handle_svg","integrations\\wp-all-import.php",{"type":219,"name":225,"callback":356,"file":357,"line":230},"bodhi_svgs_version_updates","svg-support.php",[359,364],{"action":360,"nopriv":361,"callback":360,"hasNonce":362,"hasCapCheck":362,"file":308,"line":363},"bodhi_svgs_featured_image_inline_toggle",false,true,159,{"action":360,"nopriv":362,"callback":360,"hasNonce":362,"hasCapCheck":362,"file":308,"line":365},160,[],[],[],{"dangerousFunctions":370,"sqlUsage":371,"outputEscaping":378,"fileOperations":382,"externalRequests":48,"nonceChecks":208,"capabilityChecks":28,"bundledLibraries":383},[],{"prepared":29,"raw":112,"locations":372},[373,376],{"file":374,"line":242,"context":375},"functions\\meta-cleanup.php","$wpdb->query() with variable interpolation",{"file":374,"line":377,"context":375},24,{"escaped":329,"rawEcho":48,"locations":379},[380],{"file":349,"line":287,"context":381},"raw output",5,[],[],{"summary":386,"deductions":387},"The svg-support v2.5.14 plugin exhibits a generally positive security posture with some notable exceptions.  The static analysis reveals a small attack surface of only 2 AJAX handlers, both of which are protected by authentication checks, indicating good practice in limiting unauthorized access. The overwhelming majority of output is properly escaped, and nonce and capability checks are present on all identified entry points. File operations and external HTTP requests are also managed, suggesting careful handling of potentially sensitive actions.  However, the plugin's history is a significant concern.  It has a substantial number of known CVEs, all of which are medium severity and related to Cross-Site Scripting (XSS).  While there are currently no unpatched vulnerabilities, the sheer volume of past XSS issues, including a recent one in 2025, suggests a recurring pattern of input sanitization weaknesses that the developers have struggled to fully resolve.  Furthermore, the presence of SQL queries not utilizing prepared statements is a potential risk, although the low number of queries and the absence of taint flows are mitigating factors.  The lack of any identified taint flows is a positive sign, implying that critical vulnerabilities are not being introduced in current development, but the historical pattern of XSS warrants caution.",[388,390],{"reason":389,"points":242},"SQL queries not using prepared statements",{"reason":391,"points":392},"6 medium severity CVEs historically",18,"2026-03-16T16:57:26.474Z",{"wat":395,"direct":414},{"assetPaths":396,"generatorPatterns":404,"scriptPaths":405,"versionParams":406},[397,398,399,400,401,402,403],"\u002Fwp-content\u002Fplugins\u002Fsvg-support\u002Fcss\u002Fsvgs-admin.css","\u002Fwp-content\u002Fplugins\u002Fsvg-support\u002Fcss\u002Fsvgs-admin-simple-mode.css","\u002Fwp-content\u002Fplugins\u002Fsvg-support\u002Fcss\u002Fsvgs-admin-edit-post.css","\u002Fwp-content\u002Fplugins\u002Fsvg-support\u002Fcss\u002Fjquery.dropdown-min.css","\u002Fwp-content\u002Fplugins\u002Fsvg-support\u002Fjs\u002Fmin\u002Fjquery.dropdown-min.js","\u002Fwp-content\u002Fplugins\u002Fsvg-support\u002Fjs\u002Fsvgs-inline.js","\u002Fwp-content\u002Fplugins\u002Fsvg-support\u002Fjs\u002Fsvgs-admin.js",[],[],[407,408,409,410,411,412,413],"svg-support\u002Fcss\u002Fsvgs-admin.css?ver=","svg-support\u002Fcss\u002Fsvgs-admin-simple-mode.css?ver=","svg-support\u002Fcss\u002Fsvgs-admin-edit-post.css?ver=","svg-support\u002Fcss\u002Fjquery.dropdown-min.css?ver=","svg-support\u002Fjs\u002Fmin\u002Fjquery.dropdown-min.js?ver=","svg-support\u002Fjs\u002Fsvgs-inline.js?ver=","svg-support\u002Fjs\u002Fsvgs-admin.js?ver=",{"cssClasses":415,"htmlComments":417,"htmlAttributes":419,"restEndpoints":420,"jsGlobals":421,"shortcodeOutput":424},[416],"svg-support-frontend-settings",[418],"\u003C!-- SVG Support Settings -->",[],[],[422,423],"bodhi_svgs_options","svgs_plugin_version",[]]