[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$foNwztU_HLikvTXYoo4aPZI97_mCeeRmvWbY5Q7eQWQo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":59,"crawl_stats":37,"alternatives":67,"analysis":171,"fingerprints":297},"wp-svg-images","WP SVG Images","4.4","ShortPixel","https:\u002F\u002Fprofiles.wordpress.org\u002Fshortpixel\u002F","\u003Cp>\u003Cstrong>Securely upload SVG files to your Media Library. Uploaded SVG files are automatically sanitized.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SVG stands for \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FScalable_Vector_Graphics\" rel=\"nofollow ugc\">Scalable Vector Graphics\u003C\u002Fa> and is probably the most efficient way to display images.\u003Cbr \u002F>\nWP SVG Images Plugin is an \u003Cstrong>easy-to-use and lightweight plugin\u003C\u002Fstrong> that allows you to upload SVG files to your media library safely and easily.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Support for SVG uploads to your Media Library.\u003C\u002Fli>\n\u003Cli>Sanitize uploaded SVG files. Malicious SVG\u002FXML files are rejected from upload.\u003C\u002Fli>\n\u003Cli>Admin configurable SVG support for different user roles. Ability to disable SVG upload for different user roles.\u003C\u002Fli>\n\u003Cli>Different user roles can upload and\u002For sanitize the uploaded SVG images.\u003C\u002Fli>\n\u003Cli>SVG preview in Media Library.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>24\u002F7 SVG support offered by \u003Ca href=\"https:\u002F\u002Fshortpixel.com\" rel=\"nofollow ugc\">ShortPixel\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fshortpixel.com\u002Fcontact\" rel=\"nofollow ugc\">here\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-svg-images\u002F\" rel=\"ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Recommended plugins\u003C\u002Fh4>\n\u003Cp>This plugin is supported & maintained by \u003Ca href=\"https:\u002F\u002Fshortpixel.com\u002F\" rel=\"nofollow ugc\">ShortPixel\u003C\u002Fa>.\u003Cbr \u002F>\nOther popular plugins by ShortPixel:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffastpixel-website-accelerator\u002F\" rel=\"ugc\">FastPixel Caching\u003C\u002Fa> – WP Optimization made easy\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortpixel-image-optimiser\u002F\" rel=\"ugc\">ShortPixel Image Optimizer\u003C\u002Fa> – Image optimization & compression for all the images on your website, including WebP delivery – ShortPixel Image Optimizer.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortpixel-adaptive-images\u002F\" rel=\"ugc\">ShortPixel Adaptive Images\u003C\u002Fa> – On-the-fly image optimization & CDN delivery.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-media-replace\u002F\" rel=\"ugc\">Enable Media Replace\u003C\u002Fa> – Easily replace images or files in Media Library.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fregenerate-thumbnails-advanced\u002F\" rel=\"ugc\">reGenerate Thumbnails Advanced\u003C\u002Fa> – Easily regenerate thumbnails.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fresize-image-after-upload\u002F\" rel=\"ugc\">Resize Image After Upload\u003C\u002Fa> – Automatically resize each uploaded image.\u003C\u002Fp>\n\u003Ch3>Hooks for developers\u003C\u002Fh3>\n\u003Ch4>WPSVG_setAllowedTags\u003C\u002Fh4>\n\u003Cp>Allows you to specify more tags that will be not removed during sanitization\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'WPSVG_setAllowedTags', 'my_custom_allowed_svg_tags', 10, 1 );\nfunction my_custom_allowed_svg_tags( $tags ){\n    $tags[] = 'path';\n    return $tags;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPSVG_setAllowedAttrs\u003C\u002Fh4>\n\u003Cp>Allows you to specify more attributes that will be not removed during sanitization\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'WPSVG_setAllowedAttrs', 'my_custom_allowed_svg_attributes', 10, 1 );\nfunction my_custom_allowed_svg_attributes( $attributes ){\n    $attributes[] = 'fill';\n    return $attributes;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Add SVG support to your WP website. Securely upload SVG files, automatic sanitization, Media Library preview.",30000,304959,100,12,"2025-12-10T11:53:00.000Z","6.9.4","3.0.1","5.6.40",[20,21,22,23],"sanitization","svg","svg-support","svg-upload","https:\u002F\u002Fshortpixel.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-svg-images.4.4.zip",99,2,0,"2024-06-20 00:00:00","2026-03-15T15:16:48.613Z",[32,47],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2024-5945","wp-svg-images-authenticated-author-stored-cross-site-scripting-via-svg","WP SVG Images \u003C= 4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG","The WP SVG Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 4.3 due to insufficient input sanitization. This makes it possible for authenticated attackers, with Author-level access and above, who have permissions to upload sanitized files, to bypass SVG sanitization and inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A bypass to the patch in version 4.3 was discovered and fixed completely in version 4.4.",null,"\u003C=4.3","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-01-31 15:29:34",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F389d96e9-1fad-49a6-89b6-8f7f108d8117?source=api-prod",226,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":37,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":54,"updated_date":55,"references":56,"days_to_patch":58},"CVE-2021-24386","wp-svg-images-authenticated-author-stored-cross-site-scripting-via-svg-2","WP SVG Images \u003C= 3.3 - Authenticated (author+) Stored Cross-Site Scripting via SVG","The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to editors and admin, with an option to also allow author to do so. The description of the plugin has also been updated with a security warning as upload of such content is intended.","\u003C=3.3","3.4","2021-06-14 00:00:00","2024-01-22 19:56:02",[57],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb72a26dd-0d20-462e-bb71-ed83eae6766e?source=api-prod",953,{"slug":60,"display_name":7,"profile_url":8,"plugin_count":61,"total_installs":62,"avg_security_score":63,"avg_patch_time_days":64,"trust_score":65,"computed_at":66},"shortpixel",8,1194000,97,230,77,"2026-04-04T14:02:22.030Z",[68,86,104,128,151],{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":76,"downloaded":77,"rating":13,"num_ratings":27,"last_updated":78,"tested_up_to":16,"requires_at_least":79,"requires_php":80,"tags":81,"homepage":84,"download_link":85,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"upload-svg","Upload SVG","1.0.3","html5maps","https:\u002F\u002Fprofiles.wordpress.org\u002Fhtml5maps\u002F","\u003Cp>Upload SVG is a secure and user-friendly WordPress plugin that allows you to safely upload and manage SVG files in your Media Library. SVG files can potentially contain malicious code, but with Upload SVG, you can enable automatic sanitization to prevent XML\u002FSVG vulnerabilities on your website. This plugin ensures your SVG uploads are handled with enhanced security while offering a seamless user experience.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Securely upload SVG files to your Media Library.\u003C\u002Fli>\n\u003Cli>Enable automatic sanitization to protect against XML\u002FSVG vulnerabilities.\u003C\u002Fli>\n\u003Cli>Effortlessly manage and preview SVG files in your Media Library.\u003C\u002Fli>\n\u003Cli>Restrict SVG uploads to trusted user roles for additional security.\u003C\u002Fli>\n\u003Cli>Seamless integration with the latest version of WordPress.\u003C\u002Fli>\n\u003Cli>Lightweight and optimized for optimal performance.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>SVG Sanitization is implemented using the following library: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\u003C\u002Fa>.\u003C\u002Fp>\n","Safely enable SVG uploads with sanitization and prevent XML\u002FSVG vulnerabilities on your WordPress website. Preview SVG files in your Media Library.",1000,8429,"2025-12-03T15:44:00.000Z","5.7","7.1",[82,21,22,23,83],"sanitize","upload","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupload-svg.1.0.3.zip",{"slug":87,"name":88,"version":71,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":28,"num_ratings":28,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":80,"tags":98,"homepage":101,"download_link":102,"security_score":103,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"svg-enabler","SVG Enabler","Optimist Hub","https:\u002F\u002Fprofiles.wordpress.org\u002Foptimisthub\u002F","\u003Cp>This plugin gives you the ability to allow SVG uploads whilst making sure that they’re sanitized to stop SVG\u002FXML vulnerabilities affecting your site.\u003C\u002Fp>\n","This plugin gives you the ability to allow SVG uploads whilst making sure that they’re sanitized to stop SVG\u002FXML vulnerabilities affecting your site.",30,2802,"2023-02-07T17:03:00.000Z","6.1.10","5.0",[99,22,23,100],"allow-svg-upload","svg-upload-enabler","https:\u002F\u002Fgithub.com\u002Foptimisthub\u002Fwordpress-svg-enabler","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsvg-enabler.1.0.3.zip",85,{"slug":22,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":113,"num_ratings":114,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":123,"download_link":124,"security_score":125,"vuln_count":126,"unpatched_count":28,"last_vuln_date":127,"fetched_at":30},"SVG Support","2.5.14","Benbodhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenbodhi\u002F","\u003Cp>\u003Cstrong>The complete SVG solution for WordPress – secure, flexible, and easy to use.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SVG Support enables secure SVG uploads with powerful features for both basic users and developers:\u003C\u002Fp>\n\u003Cp>✨ \u003Cstrong>Key Features\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Secure SVG uploads with automatic sanitization\u003Cbr \u002F>\n– Inline rendering for direct CSS\u002FJS manipulation\u003Cbr \u002F>\n– File size optimization through minification\u003Cbr \u002F>\n– Role-based access control\u003Cbr \u002F>\n– Advanced developer options\u003Cbr \u002F>\n– Multisite compatible\u003Cbr \u002F>\n– Full Block Editor (Gutenberg) compatibility\u003C\u002Fp>\n\u003Cp>🔒 \u003Cstrong>Security First\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Built-in sanitization removes potentially harmful code\u003Cbr \u002F>\n– Role-based upload restrictions\u003Cbr \u002F>\n– Comprehensive MIME type validation\u003C\u002Fp>\n\u003Cp>🎨 \u003Cstrong>Designer Friendly\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Direct styling of SVG elements\u003Cbr \u002F>\n– Animation support\u003Cbr \u002F>\n– Custom class targeting\u003Cbr \u002F>\n– Automatic dimension handling\u003C\u002Fp>\n\u003Cp>💻 \u003Cstrong>Developer Ready\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Advanced mode for additional features\u003Cbr \u002F>\n– REST API support\u003Cbr \u002F>\n– Gutenberg compatible\u003Cbr \u002F>\n– Extensive hooks and filters\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Basic Usage\u003C\u002Fstrong>:\u003Cbr \u002F>\n– First, install and activate SVG Support via your WordPress dashboard\u003Cbr \u002F>\n– Upload SVG files to your media library like any other image\u003Cbr \u002F>\n– Works seamlessly with Image blocks, Cover blocks and featured images\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Usage\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Enable “Advanced Mode” for minification and inline rendering\u003Cbr \u002F>\n– Customize with hooks and filters for tailored functionality\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block Editor Usage\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Use Advanced Mode to enable inline rendering:\u003Cbr \u002F>\n  – Add the \u003Ccode>\"style-svg\"\u003C\u002Fcode> class to Image blocks\u003Cbr \u002F>\n  – Add the \u003Ccode>\"style-svg\"\u003C\u002Fcode> class to Cover blocks to render SVG backgrounds inline\u003Cbr \u002F>\n– Use “Skip Nested SVGs” setting to control inline rendering of SVGs within Cover blocks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Classic Editor Usage\u003C\u002Fstrong>:\u003Cbr \u002F>\n– Use Advanced Mode to add the \u003Ccode>\"style-svg\"\u003C\u002Fcode> class to \u003Ccode>\u003Cimg>\u003C\u002Fcode> tags for inline rendering\u003Cbr \u002F>\n– Enable “Auto Insert Class” option for automatic class insertion in Classic Editor\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Common Issues & Solutions\u003C\u002Fstrong>:\u003Cbr \u002F>\n– SVG not displaying? Ensure dimensions are set in CSS.\u003Cbr \u002F>\n– Need help? Use the support tab and I will do my best to assist you.\u003C\u002Fp>\n\u003Ch3>Spin up a test site\u003C\u002Fh3>\n\u003Cp>With a single click, you can spin up a completely free test site to test SVG Support using TasteWP! No sign up, no cards, nothing! How cool is that? Give it a go:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Ftastewp.com\u002Fnew?pre-installed-plugin-slug=svg-support&redirect=options-general.php%3Fpage%3Dsvg-support&ni=true\" rel=\"nofollow ugc\">Click Here to spin up a test site in seconds\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>SVG Support prioritizes security with automatic sanitization and role-based restrictions. Only trusted users should have upload permissions. Configure settings to balance functionality and security.\u003C\u002Fp>\n\u003Ch3>Feedback\u003C\u002Fh3>\n\u003Cp>I’m open to your \u003Ca href=\"mailto:wp@benbodhi.com\" rel=\"nofollow ugc\">suggestions and feedback\u003C\u002Fa> – Thanks for using SVG Support!\u003C\u002Fp>\n\u003Cp>Follow \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fsvgsupport\" rel=\"nofollow ugc\">@SVGSupport\u003C\u002Fa> on Twitter\u003Cbr \u002F>\nFollow \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fbenbodhi\" rel=\"nofollow ugc\">@benbodhi\u003C\u002Fa> on Twitter\u003Cbr \u002F>\nFollow \u003Ca href=\"https:\u002F\u002Fwarpcast.com\u002Fbenbodhi\" rel=\"nofollow ugc\">@benbodhi\u003C\u002Fa> on Warpcast\u003C\u002Fp>\n\u003Cp>\u003Cem>Note:\u003C\u002Fem> I hope you like this plugin! Please take a moment to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fsvg-support?filter=5#postform\" rel=\"ugc\">rate it\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Development & Contributing\u003C\u002Fh3>\n\u003Cp>The development version of SVG Support is maintained on GitHub. Feel free to contribute:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Submit bug reports or feature suggestions: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbodhi\u002Fsvg-support\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Contribute code via \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbodhi\u002Fsvg-support\u002Fpulls\" rel=\"nofollow ugc\">Pull Requests\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Development repository: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenbodhi\u002Fsvg-support\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Contribute translations \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsvg-support\" rel=\"nofollow ugc\">here\u003C\u002Fa>. New to translating? Check the \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fpolyglots\u002Fhandbook\u002Ftools\u002Fglotpress-translate-wordpress-org\u002F\" rel=\"nofollow ugc\">Translator Handbook\u003C\u002Fa>.\u003C\u002Fp>\n","Securely upload SVG files to your media library, with built-in sanitization and advanced features for styling and animation.",1000000,12632236,96,354,"2025-02-25T08:34:00.000Z","6.7.5","5.8","7.4",[120,121,20,21,122],"mime-type","safe-svg","vector","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsvg-support\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsvg-support.2.5.14.zip",89,6,"2025-02-24 00:00:00",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":113,"num_ratings":138,"last_updated":139,"tested_up_to":16,"requires_at_least":140,"requires_php":118,"tags":141,"homepage":146,"download_link":147,"security_score":148,"vuln_count":149,"unpatched_count":28,"last_vuln_date":150,"fetched_at":30},"themeisle-companion","Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More","3.0.5","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FfoS_QbuY-Lg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Why Choose Orbit Fox?\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>All Essential Website Features in One Place\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Orbit Fox includes all the popular functionality most site owners need: SVG support, social sharing, website templates, custom fonts, stock photos, page builder widgets, menu icons, and site customization tools.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Eliminate Plugin Bloat\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Replace over a dozen individual utility plugins with just one solution. Reduce plugin management complexity, minimize potential conflicts, and keep your WordPress dashboard organized.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart Performance Optimization\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Modules only load when enabled and are compatible with your existing theme and plugins, ensuring optimal site performance and preventing conflicts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Save Time on Setup and Maintenance\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Skip installing a dozen separate plugins when building new sites. Get fully functional websites in minutes, not hours. Plus, maintain just one plugin instead of managing multiple updates, settings, and compatibility issues.\u003C\u002Fp>\n\u003Ch3>Orbit Fox Modules\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Content & Design:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Website Templates – 45+ professional starter website templates to choose from\u003C\u002Fli>\n\u003Cli>Custom Fonts – Upload and use any custom font on your website\u003C\u002Fli>\n\u003Cli>Reading Progress Bar – Increase engagement with a visual reading progress indicator\u003C\u002Fli>\n\u003Cli>SVG Support – Enable safe SVG file uploads\u003C\u002Fli>\n\u003Cli>Free Stock Photos – 1,300+ free images to use for personal and commercial purposes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Page Building & Widgets:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Elementor Widgets – Add 6 popular widgets to Elementor\u003C\u002Fli>\n\u003Cli>Beaver Builder Modules – Add 6 popular modules to Beaver Builder\u003C\u002Fli>\n\u003Cli>Customize Login Page – Change the design of your site’s login page and customize your login form\u003C\u002Fli>\n\u003Cli>Duplicate Page or Post – Duplicate any post or page on your website with one click\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>User Experience:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Social Share Buttons – Add social sharing buttons to your website with mobile\u002Fdesktop optimization\u003C\u002Fli>\n\u003Cli>Menu Icons – Add icons to any menu\u003C\u002Fli>\n\u003Cli>GDPR\u002FCCPA Cookie Notice – Show GDPR\u002FCCPA-compliant cookie notifications\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Site Management:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Header and Footer Scripts – Add tracking codes and custom CSS\u002FJS\u003C\u002Fli>\n\u003Cli>Disable Comments – Site-wide comment control\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Works With Any Theme\u003C\u002Fh3>\n\u003Cp>Orbit Fox is designed to work seamlessly with all WordPress themes. For the best experience, pair it with our professional themes like \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fthemes\u002Fneve\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Neve\u003C\u002Fstrong>\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fthemes\u002Fhestia\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Hestia\u003C\u002Fstrong>\u003C\u002Fa> – built by the same team for perfect integration.\u003C\u002Fp>\n\u003Ch3>Who Should Use Orbit Fox\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress Beginners\u003C\u002Fstrong> – Get professional features without the learning curve\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Freelancers & Agencies\u003C\u002Fstrong> – Build efficient, streamlined client websites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Website Owners\u003C\u002Fstrong> – Access essential functionality through one organized solution\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anyone\u003C\u002Fstrong> who wants commonly needed features without multiple plugin installations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>We’re here to help. Feel free to open a new thread on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fthemeisle-companion\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Need help getting started? Check out our \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Farticle\u002F951-orbit-fox-documentation\" rel=\"nofollow ugc\">complete documentation\u003C\u002Fa> for step-by-step guides on every feature.\u003C\u002Fp>\n\u003Ch3>Useful Resources\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>If you like Orbit Fox, you’re sure to love \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">our other plugins\u003C\u002Fa> as well.\u003C\u002Fli>\n\u003Cli>Learn more about WordPress on our \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fblog\u002F\" rel=\"nofollow ugc\">blog\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Get the most out of your WordPress website with our helpful \u003Ca href=\"https:\u002F\u002Fyoutube.com\u002Fplaylist?list=PLmRasCVwuvpSep2MOsIoE0ncO9JE3FcKP\" rel=\"nofollow ugc\">YouTube Tutorials\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add modules like share buttons, header & footer scripts, disable comments, reading progress bar, custom fonts, custom login page & more in one plugin.",100000,13570171,317,"2025-12-10T19:26:00.000Z","5.3",[142,143,144,145,22],"cookie-notice","duplicate-page","login-customizer","share-buttons","https:\u002F\u002Forbitfox.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthemeisle-companion.zip",83,20,"2025-11-03 00:00:00",{"slug":152,"name":153,"version":154,"author":155,"author_profile":156,"description":157,"short_description":158,"active_installs":159,"downloaded":160,"rating":13,"num_ratings":161,"last_updated":162,"tested_up_to":16,"requires_at_least":163,"requires_php":164,"tags":165,"homepage":167,"download_link":168,"security_score":113,"vuln_count":169,"unpatched_count":28,"last_vuln_date":170,"fetched_at":30},"easy-svg","Easy SVG Support","4.1","Benjamin Zekavica","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenjamin_zekavica\u002F","\u003Ch4>Direct Upload SVG Files into WordPress\u003C\u002Fh4>\n\u003Cp>EASY SVG Support is a Plugin which allows you to upload SVG Files into your Media library. This plugin was created for persons, who don’t need much options for SVG.\u003C\u002Fp>\n\u003Ch4>Features of the plugin include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Uploading SVG Support for WordPress\u003C\u002Fli>\n\u003Cli>Easy installation\u003C\u002Fli>\n\u003Cli>Display SVG Files in the Media Libary\u003C\u002Fli>\n\u003Cli>SVG Sanitize Files direcly \u003C\u002Fli>\n\u003Cli>SVG Sanitize – Custom Hooks for Tags and Attributes\u003C\u002Fli>\n\u003Cli>Updated for the new WordPress Gutenberg Editor\u003C\u002Fli>\n\u003Cli>Support for PHP 8.2\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Documentation & Support\u003C\u002Fh4>\n\u003Cp>Got a problem or need help with Easy SVG Support? Than you can write me an e-mail:\u003C\u002Fp>\n\u003Cp>info@benjamin-zekavica.de or you can ask your question in the forums section.\u003C\u002Fp>\n","This Plugin allows you to upload SVG Files into your Media library.",40000,348069,7,"2025-11-14T19:51:00.000Z","6.0","8.0",[152,21,166,22,69],"svg-media","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-svg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-svg.4.1.zip",3,"2026-02-18 15:01:37",{"attackSurface":172,"codeSignals":243,"taintFlows":285,"riskAssessment":286,"analyzedAt":296},{"hooks":173,"ajaxHandlers":233,"restRoutes":239,"shortcodes":240,"cronEvents":241,"entryPointCount":242,"unprotectedCount":28},[174,179,183,187,191,195,199,203,206,210,213,217,220,223,227,230],{"type":175,"name":176,"callback":176,"file":177,"line":178},"filter","wp_handle_upload_prefilter","wp-svg-images.php",56,{"type":180,"name":181,"callback":181,"file":177,"line":182},"action","plugins_loaded",58,{"type":180,"name":184,"callback":185,"file":177,"line":186},"admin_menu","plugin_menu_link",59,{"type":180,"name":188,"callback":189,"file":177,"line":190},"init","plugin_init",60,{"type":180,"name":192,"callback":193,"file":177,"line":194},"admin_init","add_svg_support",62,{"type":180,"name":196,"callback":197,"file":177,"line":198},"admin_footer","fix_svg_thumbnail_size",63,{"type":175,"name":200,"callback":201,"file":177,"line":202},"upload_mimes","add_svg_mime",64,{"type":175,"name":204,"callback":204,"priority":13,"file":177,"line":205},"wp_check_filetype_and_ext",65,{"type":175,"name":207,"callback":207,"priority":208,"file":177,"line":209},"wp_generate_attachment_metadata",10,66,{"type":175,"name":211,"callback":211,"priority":208,"file":177,"line":212},"fl_module_upload_regex",67,{"type":175,"name":214,"callback":215,"priority":208,"file":177,"line":216},"render_block","fix_missing_width_height_on_image_block",68,{"type":180,"name":218,"callback":218,"file":177,"line":219},"admin_notices",70,{"type":180,"name":192,"callback":221,"file":177,"line":222},"upsell",73,{"type":175,"name":224,"callback":225,"priority":208,"file":177,"line":226},"wp_all_import_image_mime_type","wp_all_import_svgs",74,{"type":175,"name":228,"callback":228,"file":177,"line":229},"final_output",362,{"type":175,"name":231,"callback":231,"priority":208,"file":177,"line":232},"wp_prepare_attachment_for_js",363,[234],{"action":235,"nopriv":236,"callback":235,"hasNonce":237,"hasCapCheck":236,"file":177,"line":238},"wpsvg_notice_dismissed",false,true,71,[],[],[],1,{"dangerousFunctions":244,"sqlUsage":245,"outputEscaping":251,"fileOperations":27,"externalRequests":28,"nonceChecks":27,"capabilityChecks":242,"bundledLibraries":284},[],{"prepared":242,"raw":242,"locations":246},[247],{"file":248,"line":249,"context":250},"svg-sanitizer\\ElementReference\\Resolver.php",101,"$wpdb->query() with variable interpolation",{"escaped":252,"rawEcho":253,"locations":254},17,16,[255,259,260,261,262,264,266,268,270,272,274,276,278,279,281,282],{"file":256,"line":257,"context":258},"upsell.php",5,"raw output",{"file":256,"line":161,"context":258},{"file":256,"line":149,"context":258},{"file":256,"line":149,"context":258},{"file":256,"line":263,"context":258},23,{"file":177,"line":265,"context":258},110,{"file":177,"line":267,"context":258},115,{"file":177,"line":269,"context":258},233,{"file":177,"line":271,"context":258},246,{"file":177,"line":273,"context":258},261,{"file":177,"line":275,"context":258},262,{"file":177,"line":277,"context":258},266,{"file":177,"line":277,"context":258},{"file":177,"line":280,"context":258},278,{"file":177,"line":280,"context":258},{"file":177,"line":283,"context":258},279,[],[],{"summary":287,"deductions":288},"The wp-svg-images plugin version 4.4 presents a mixed security posture. On one hand, the static analysis indicates a relatively small attack surface with only one AJAX handler, and importantly, this handler appears to be protected by an authentication check. There are no identified dangerous functions, external HTTP requests, or unsanitized path flows from taint analysis, which are all positive signs. The presence of two nonce checks and one capability check further contributes to a good foundation for security.\n\nHowever, the vulnerability history raises a significant concern. The plugin has a past of two known medium-severity CVEs, specifically related to Cross-site Scripting (XSS). While there are currently no unpatched vulnerabilities, the pattern of past XSS issues suggests that improper handling of user-provided input might be a recurring weakness. The static analysis also reveals that only 50% of SQL queries are using prepared statements and only 52% of outputs are properly escaped, indicating potential areas where vulnerabilities could arise or be reintroduced. The existence of file operations also warrants careful scrutiny.\n\nIn conclusion, while the current version shows improvements in attack surface management and some security practices like nonce and capability checks, the historical prevalence of XSS vulnerabilities and the notable percentage of unescaped outputs and non-prepared SQL queries suggest that vigilance is still required. The plugin's history indicates a potential for input validation and output sanitization flaws, which are common entry points for XSS attacks. Users should ensure they are always on the latest version and remain aware of any future security advisories.",[289,292,294],{"reason":290,"points":291},"Medium severity XSS vulnerabilities in history",15,{"reason":293,"points":257},"50% SQL queries not using prepared statements",{"reason":295,"points":61},"48% of outputs not properly escaped","2026-03-16T17:25:21.676Z",{"wat":298,"direct":305},{"assetPaths":299,"generatorPatterns":302,"scriptPaths":303,"versionParams":304},[300,301],"\u002Fwp-content\u002Fplugins\u002Fwp-svg-images\u002Fassets\u002Fcss\u002Fspio-upsell.css","\u002Fwp-content\u002Fplugins\u002Fwp-svg-images\u002Fassets\u002Fjs\u002Fspio-upsell.js",[],[301],[],{"cssClasses":306,"htmlComments":308,"htmlAttributes":309,"restEndpoints":310,"jsGlobals":311,"shortcodeOutput":313},[307],"wpsvg-notice",[],[],[],[235,312],"ajaxurl",[]]