CVE-2026-48973
Description
Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects SVG Support: from n/a through 2.5.14.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in SVG Support plugin (<=2.5.14) allows attackers to exploit incorrect access control security levels.
Vulnerability
The SVG Support plugin for WordPress versions up to and including 2.5.14 suffers from a missing authorization vulnerability. The plugin fails to properly enforce access controls on certain functions, allowing exploitation of incorrectly configured access control security levels [1].
Exploitation
An attacker can exploit this vulnerability by sending crafted requests to the WordPress site, leveraging the missing authorization checks to perform actions normally restricted to higher-privileged users [1]. The vulnerability is actively used in mass-exploit campaigns, indicating a low barrier to exploitation.
Impact
Successful exploitation could allow an attacker to perform unauthorized actions, such as modifying plugin settings or uploading malicious SVG files, potentially leading to site compromise [1]. The exact impact depends on the specific missing authorization context.
Mitigation
The vulnerability has been fixed in a subsequent release. Users should update the SVG Support plugin to the latest version available [1]. If unable to update, restrict network access to the plugin's endpoints or implement additional security measures.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=2.5.14
- (no CPE) range: <=2.5.14
Patches
No patches discovered yet.
References
1 reference
News mentions
No linked articles in our index yet.