Stored Cross-Site Scripting Vulnerability in Your Simple SVG Support Plugin for WordPress
CVE-2025-2542

6.4MEDIUM

Key Information:

Vendor: WordPress
Status: Your Simple Svg Support
Vendor: CVE Published:; 25 March 2025

What is CVE-2025-2542?

The Your Simple SVG Support plugin for WordPress is vulnerable to a Stored Cross-Site Scripting (XSS) attack through SVG file uploads. This vulnerability arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Author-level access or higher to introduce unauthorized web scripts into the application. When users access the compromised SVG file, the injected scripts can be executed, leading to potential security breaches and unauthorized actions within the affected WordPress installations.

Affected Version(s)

Your Simple SVG Support * <= 1.0.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/your-simple-sv...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Mar 19, 2025

Credit

Avraham Shemesh