PT-2023-29272 · WordPress · Uploading Svg

Danilo Albuquerque · Published 2023-12-04 · Updated 2024-10-01 · CVE-2023-4460

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Uploading SVG, WEBP and ICO files WordPress plugin, versions 1.2.1 and earlier

Description: The plugin does not sanitise uploaded SVG files, so a user with a role as low as Author can upload an SVG containing an XSS payload that executes in the browser of anyone who views the uploaded file.

Recommendations: For versions 1.2.1 and earlier, disable the SVG upload feature until a patch is available, and restrict access to the plugin's upload functionality to minimize the risk of malicious file uploads. At the time of writing there is no information about a newer version that fixes this vulnerability.
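Where SVG uploads cannot be disabled outright, a server-side gate that rejects any SVG carrying active content is the usual stopgap. The following check is an added example written for this advisory, not code from the plugin or from WordPress; the element and attribute lists it screens for are an assumption about what a minimal gate should cover, and the two SVG samples are constructed.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted input in production, prefer defusedxml

# Elements that let an SVG run script or embed foreign (HTML) content in the browser.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# URL schemes that execute code when used in an href.
UNSAFE_SCHEME = re.compile(r"^\s*(javascript|vbscript)\s*:", re.IGNORECASE)


def local_name(qualified: str) -> str:
    """Strip the ElementTree namespace prefix: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return qualified.rsplit("}", 1)[-1]


def find_svg_risks(svg_bytes: bytes) -> list:
    """Return the active-content findings in an SVG; an empty list means none were found."""
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if local_name(root.tag).lower() != "svg":
        findings.append(f"root element is <{local_name(root.tag)}>, not <svg>")
    for elem in root.iter():
        name = local_name(elem.tag).lower()
        if name in ACTIVE_ELEMENTS:
            findings.append(f"active element <{name}>")
        for attr, value in elem.attrib.items():
            attr_name = local_name(attr).lower()
            if attr_name.startswith("on"):  # onload, onclick, ... event handlers
                findings.append(f"event handler attribute {attr_name} on <{name}>")
            elif attr_name == "href" and UNSAFE_SCHEME.match(value):
                findings.append(f"href with unsafe scheme on <{name}>")
    return findings


def is_acceptable_svg(svg_bytes: bytes) -> bool:
    """Upload-gate decision: accept only when the scan found nothing."""
    return not find_svg_risks(svg_bytes)


# Constructed samples (not real uploads): a plain icon and one carrying script hooks.
SAFE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="green"/>
</svg>"""

UNSAFE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="marker()">
  <script>/* constructed marker, no real payload */</script>
  <a xlink:href="javascript:marker()"><text>x</text></a>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("safe", SAFE_SVG), ("unsafe", UNSAFE_SVG)):
        print(label, "->", "accept" if is_acceptable_svg(doc) else find_svg_risks(doc))
```

A gate like this is a deny-list and only complements serving uploads with `Content-Disposition: attachment` or from a separate origin; it does not replace a real sanitiser.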

Exploit: XSS


Weakness Enumeration

Related identifiers: CVE-2023-4460

Affected products: Uploading Svg