CVE-2023-7086

{"id": "CVE-2023-7086", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-05-15T20:15:29.950", "references": [{"url": "https://wpscan.com/vulnerability/94954e1a-dc09-4811-b57d-b12bf69a767d/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The SVG Uploads Support WordPress plugin through 2.1.1 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads."}, {"lang": "es", "value": "El complemento SVG Uploads Support de WordPress hasta la versi\u00f3n 2.1.1 no depura los archivos SVG cargados, lo que podr\u00eda permitir que los usuarios con un rol tan bajo como Autor carguen un SVG malicioso que contenga payloads XSS."}], "lastModified": "2025-06-12T14:06:43.343", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ablyperu:svg_uploads_support:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5685B0FB-0F82-47CF-941D-02C5308726F5", "versionEndIncluding": "2.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}