CVE-2023-7088

{"id": "CVE-2023-7088", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-05-15T20:15:30.040", "references": [{"url": "https://wpscan.com/vulnerability/8f515e36-9072-4fc4-9d2f-d50f1adde626/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads."}, {"lang": "es", "value": "El complemento Add SVG Support for Media Uploader | inventivo WordPress hasta la versi\u00f3n 1.0.5 no depura los archivos SVG cargados, lo que podr\u00eda permitir que los usuarios con un rol tan bajo como Autor carguen un SVG malicioso que contenga payloads XSS."}], "lastModified": "2025-06-12T14:04:04.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:inventivo:inventivo:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F567CF02-3A2E-44FD-9DA4-8E0815BF9A44", "versionEndIncluding": "1.0.5"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}