CVE-2023-5458

Name of the Vulnerable Software and Affected Versions CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin versions prior to 3.0

Description The issue concerns the failure to sanitise uploaded SVG files, potentially allowing users with a role as low as Author to upload malicious SVG files containing XSS payloads.

Recommendations For versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider restricting file upload permissions to higher roles or disabling SVG file uploads until the update is applied.