CVE-2022-36343: 
WordPress vulnerability analysis and mitigation

The vulnerability identified as CVE-2022-36343 affects the WordPress plugin 'Enable SVG, WebP & ICO Upload' versions 1.0.1 and below. This security issue is classified as an Authenticated Stored Cross-Site Scripting (XSS) vulnerability that requires author or higher user role privileges to exploit (Patchstack, CVE Mitre).

The vulnerability was discovered by researcher Kim Jong Min and received a CVSS score of 3.8 (Low severity). The security issue was initially reported on August 1, 2022. The vulnerability was patched in plugin version 1.0.5 but was reintroduced in version 1.0.6, requiring a subsequent fix in version 1.0.7 (Wordfence).

The vulnerability could allow a malicious actor with author or higher privileges to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack).

Users are advised to update to version 1.0.7 or later to remove the vulnerability. The developer has implemented security fixes in subsequent versions, with the latest version 1.1.2 including additional security measures such as cleaning malicious code from SVG files upon upload (WordPress Plugin).