Dear All,

Here are the brief updates we’ve made to our plugins:

1. We have resolved all the security issues raised for the plugins, and they now eliminate all vulnerabilities.
2. We have removed the notices that appeared during plugin installation—everything has been resolved.
3. We have moved the plugin under “Settings,” removing unnecessary additions to the WordPress admin sidebar.

We will continue to make frequent updates to address any issues in the future.

Thank you for your support.

May i ask why all security patches from version 1.05 have been removed in 1.06?

The plugin was flagged as insecure. Now it is insecure again?

Notice: Function add_submenu_page was called incorrectly. The seventh parameter passed to add_submenu_page() should be numeric representing menu position.

Your code in this functions is wrong

	public function add_options_page(){
		global $admin_page_hooks;
		$plugin_slug_name = $this->get_plugin_slug();
		$plugin_title = $this->get_plugin_title();
		//add_options_page
		if ( empty ( $admin_page_hooks[$plugin_slug_name] ) ){
			add_options_page( 
				__( $plugin_title, $plugin_slug_name ),
				__( $plugin_title, $plugin_slug_name ),
				'manage_options',
				$plugin_slug_name,
				array( $this, 'itc_svg_upload_option_page' ),
				'dashicons-images-alt2',
			);
		}
	}

It should be

	public function add_options_page(){
		global $admin_page_hooks;
		$plugin_slug_name = $this->get_plugin_slug();
		$plugin_title = $this->get_plugin_title();
		//add_options_page
		if ( empty ( $admin_page_hooks[$plugin_slug_name] ) ){
			add_options_page( 
				__( $plugin_title, $plugin_slug_name ),
				__( $plugin_title, $plugin_slug_name ),
				'manage_options',
				$plugin_slug_name,
				array( $this, 'itc_svg_upload_option_page' )
			);
		}
	}

Or

	public function add_options_page(){
		global $admin_page_hooks;
		$plugin_slug_name = $this->get_plugin_slug();
		$plugin_title = $this->get_plugin_title();
		//add_options_page
		if ( empty ( $admin_page_hooks[$plugin_slug_name] ) ){
			add_options_page( 
				__( $plugin_title, $plugin_slug_name ),
				__( $plugin_title, $plugin_slug_name ),
				'manage_options',
				$plugin_slug_name,
				array( $this, 'itc_svg_upload_option_page' ),
				99,
			);
		}
	}

Please adjust

Hi.,

On our site we have been using your plugin ” Enable SVG, WebP & ICO Upload ?By?ideasToCode ” . It causes Security risk:?xss.?Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration .

Ref : https://prnt.sc/MsKeaXSXZX6l

Are you planned any update regarding fix this issue on your further update . Let me know the EST on it ?

Thank you.

Enable SVG, WebP & ICO Upload plugin <= 1.0.3 – Authenticated Arbitrary File Upload

Enable SVG, WebP & ICO Upload plugin <= 1.0.3 – Authenticated Stored Cross-Site Scripting (XSS) vulnerability

https://patchstack.com/database/vulnerability/enable-svg-webp-ico-upload/wordpress-enable-svg-webp-ico-upload-plugin-1-0-1-authenticated-arbitrary-file-upload-vulnerability?_a_id=110

https://patchstack.com/database/vulnerability/enable-svg-webp-ico-upload/wordpress-enable-svg-webp-ico-upload-plugin-1-0-1-authenticated-stored-cross-site-scripting-xss-vulnerability?_a_id=110

• This topic was modified 1 year, 9 months ago by spiralofhope. Reason: clarity
• This topic was modified 1 year, 9 months ago by spiralofhope.

Your notice that says “Also, check our other plugin!” is driving me crazy, I close it and a few clicks or half the day later it is back! How do I remove it and stop it from showing up on my wp-admin?