PT-2025-21377 · WordPress · Add Svg Support For Media Uploader

Bob Matyas · Published 2025-05-15 · Updated 2025-06-12 · CVE-2023-7088

CVSS v3.1: 5.4 (Medium) · Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: The Add SVG Support for Media Uploader | inventivo WordPress plugin, versions 1.0.0 through 1.0.5.
Description: The plugin enables SVG uploads through the WordPress media uploader without sanitizing the uploaded files. Because SVG is an XML format that can carry script elements and event-handler attributes, a user with a role as low as Author can upload an SVG file containing an XSS payload that executes when the image is rendered inline.
Recommendations: For versions 1.0.0 through 1.0.5, consider disabling the SVG upload feature until a patch is available, so that unsanitized SVG files cannot reach the media library. Restrict access to the media uploader for low-privilege roles to reduce the exposure in the meantime.
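The description above comes down to active content inside an XML document. The following is an added example, not code from the advisory or from the plugin, of a check a site operator could run over SVG files already in the media library (or wire into an upload hook) to flag the constructs that turn an image into an XSS vector: script and embedding elements, `on*` event handlers, and `javascript:` links. The sample SVG documents are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET
# Note: ET expands internal entities; for bulk scanning of untrusted files,
# defusedxml.ElementTree.fromstring is the safer drop-in parser.

# Elements that run or embed active content when an SVG is rendered inline.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
# Attributes whose value is a URL the browser may navigate to.
LINK_ATTRS = {"href", "src"}


def _local(name):
    """Strip an XML namespace prefix: '{http://...}href' -> 'href'."""
    return name.rsplit("}", 1)[-1]


def find_active_content(svg_text):
    """Return a list of findings for an SVG document; empty means nothing was flagged.

    A document that is not well-formed XML is reported as a finding too: a
    sanitizer that cannot parse a file has no basis for allowing it through.
    """
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    findings = []
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag.lower() in ACTIVE_TAGS:
            findings.append("active element <%s>" % tag)
        for attr, value in elem.attrib.items():
            name = _local(attr).lower()
            # Browsers ignore whitespace inside the scheme, so drop it before comparing.
            target = re.sub(r"\s", "", value).lower()
            if name.startswith("on"):
                findings.append("event handler attribute %s on <%s>" % (name, tag))
            elif name in LINK_ATTRS and target.startswith("javascript:"):
                findings.append("javascript: URL in %s on <%s>" % (name, tag))
    return findings


def is_safe_svg(svg_text):
    """True only when the document parses and nothing was flagged."""
    return not find_active_content(svg_text)


# Constructed samples (not taken from the advisory) exercising each check.
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4"/></svg>'
SCRIPT_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(document.domain)</script></svg>'
HANDLER_SVG = '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><rect width="1" height="1"/></svg>'
LINK_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
            '<a xlink:href="java\tscript:alert(1)"><text y="8">click</text></a></svg>')
```

Treat a non-empty result as "reject the upload" rather than trying to strip the offending nodes; allow-list sanitizers that rebuild the document from known-safe elements are the robust fix, and this check is a detector, not a sanitizer.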
