CVE-2023-6541

Name of the Vulnerable Software and Affected Versions: Allow SVG WordPress plugin versions prior to 1.2.0

Description: The issue concerns the failure to sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

Recommendations: For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability to upload SVG files to higher roles until the update is applied.