CVE-2022-36285: 
WordPress vulnerability analysis and mitigation

The CVE-2022-36285 is an Authenticated Arbitrary File Upload vulnerability affecting the WordPress plugin 'Uploading SVG, WEBP and ICO files' versions 1.0.1 and below. The vulnerability was discovered and reported on August 12, 2022, by security researcher Kim Jong Min (Universe) (Patchstack).

The vulnerability has been assigned a CVSS score of 7.2 (High severity). The issue stems from the plugin's failure to properly validate uploaded files, which could allow authenticated users with high privileges to upload arbitrary files to the WordPress installation (WPScan).

If exploited, this vulnerability could allow authenticated attackers to upload malicious files to the affected WordPress installation, potentially leading to remote code execution or further system compromise. The vulnerability requires authentication, which somewhat limits its potential impact (Patchstack).

As of October 28, 2023, the plugin has been closed and is no longer available for download due to security issues. No official fix has been released. Website administrators are advised to remove the plugin and find alternative solutions (WordPress).