CVE-2023-7088: 
WordPress vulnerability analysis and mitigation

The Add SVG Support for Media Uploader WordPress plugin through version 1.0.5 contains a security vulnerability identified as CVE-2023-7088, which was discovered and publicly disclosed on December 22, 2023. The vulnerability affects WordPress installations using the Add SVG Support for Media Uploader plugin by inventivo (CVE MITRE).

The vulnerability stems from the plugin's failure to properly sanitize uploaded SVG files. This security flaw allows users with privileges as low as Author role to upload malicious SVG files containing cross-site scripting (XSS) payloads. The vulnerability has been assigned a CVSS score of 4.8, indicating medium severity (WPScan).

When exploited, this vulnerability enables attackers to execute cross-site scripting attacks through malicious SVG files. Since the vulnerability affects the media upload functionality, any user with Author or higher privileges could potentially inject malicious code that would execute in other users' browsers when viewing the uploaded SVG file (WPScan).

Currently, there is no known fix available for this vulnerability in the Add SVG Support for Media Uploader plugin. Website administrators using this plugin should consider either removing it or implementing additional security controls to restrict SVG file uploads until a patched version is released (WPScan).