CVE-2023-7088
📋 TL;DR
This vulnerability in the Add SVG Support for Media Uploader WordPress plugin allows users with Author role or higher to upload malicious SVG files containing cross-site scripting (XSS) payloads. The plugin fails to properly sanitize SVG uploads, enabling attackers to inject malicious scripts that execute in victims' browsers. WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Add SVG Support for Media Uploader WordPress plugin
📦 What is this software?
Inventivo by Inventivo
⚠️ Risk & Real-World Impact
Worst Case
An attacker with Author privileges could upload malicious SVG files that execute JavaScript in administrators' browsers when viewed, potentially leading to session hijacking, site defacement, or installation of backdoors.
Likely Case
Attackers exploit this to steal administrator session cookies, gain administrative access, and modify site content or install additional malicious plugins.
If Mitigated
With proper role-based access controls and content security policies, impact is limited to potential defacement of media library pages.
🎯 Exploit Status
Exploitation requires at least Author-level access. SVG XSS payloads are well-documented and easy to craft.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.6
Vendor Advisory: https://wpscan.com/vulnerability/8f515e36-9072-4fc4-9d2f-d50f1adde626/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Add SVG Support for Media Uploader'.
4. Click 'Update Now' if available, or download version 1.0.6+ from the WordPress plugin repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable SVG upload capability
Remove SVG upload functionality by disabling the plugin, or by adding this filter to your theme's functions.php. The priority of 99 makes it run after the plugin's own upload_mimes filter (default priority 10), so the SVG types are not re-added:
// Strip SVG types from the allowed upload MIME list after the plugin has added them.
add_filter('upload_mimes', function ($mimes) {
    unset($mimes['svg'], $mimes['svgz']);
    return $mimes;
}, 99);
Restrict user roles
Limit Author and higher roles to trusted users only, since exploitation requires at least Author-level upload rights.
🧯 If You Can't Patch
- Remove the plugin entirely and use alternative SVG handling solutions
- Implement strict Content Security Policy headers to mitigate XSS impact
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Add SVG Support for Media Uploader' version ≤1.0.5
Check Version:
wp plugin list --fields=name,version,status | grep -i svg
(The name column is the plugin's directory slug, not the display title shown in the admin panel, so filter on the listing rather than on the display name.)
Verify Fix Applied:
Confirm plugin version is 1.0.6 or higher in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Unusual SVG file uploads by Author-level users
- Multiple failed login attempts followed by SVG uploads
Network Indicators:
- HTTP POST requests to /wp-admin/async-upload.php with SVG files
- Requests for uploaded SVG files with suspicious parameters
SIEM Query:
source="wordpress.log" AND ("uploaded.*svg" OR "async-upload") AND user_role="author"
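As an added example (not part of this advisory or the plugin vendor's code), a Python audit script that scans SVG files already in the media library for the kind of active content the unpatched plugin lets through: script elements, event-handler attributes and javascript: links. It assumes the uploads directory (normally wp-content/uploads) is passed to scan_uploads; the sample SVGs are constructed.

```python
import gzip
import pathlib
import re
import xml.etree.ElementTree as ET

# Constructed samples (not from the advisory): a benign icon, an SVG with an inline
# <script>, and one with an event handler plus a javascript: link.
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SCRIPT_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
HANDLER_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
               '<a xlink:href="javascript:alert(1)"><rect onload="alert(1)"/></a></svg>')

# Elements that run script or embed foreign content, and URL schemes that execute.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
SCRIPT_SCHEME = re.compile(r"^\s*(javascript|vbscript)\s*:", re.IGNORECASE)

def localname(qualified):
    """Strip ElementTree's '{namespace}' prefix and lower-case the name."""
    return qualified.rsplit("}", 1)[-1].lower()

def find_active_content(svg_data):
    """Return (reason, location) findings for one SVG (str or bytes); [] means clean."""
    try:
        root = ET.fromstring(svg_data)
    except ET.ParseError as exc:
        return [("unparseable", str(exc))]  # malformed SVG is itself worth a look
    findings = []
    for elem in root.iter():
        name = localname(elem.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(("active-element", name))
        for attr, value in elem.attrib.items():
            aname = localname(attr)  # 'onload', 'href' (also matches xlink:href), ...
            if aname.startswith("on"):
                findings.append(("event-handler", f"{name}@{aname}"))
            elif aname == "href" and SCRIPT_SCHEME.match(value):
                findings.append(("script-url", f"{name}@{aname}"))
    return findings

def scan_uploads(uploads_dir):
    """Map each .svg/.svgz below uploads_dir (e.g. wp-content/uploads) to its findings."""
    report = {}
    for path in pathlib.Path(uploads_dir).rglob("*"):
        if path.suffix.lower() not in (".svg", ".svgz"):
            continue
        opener = gzip.open if path.suffix.lower() == ".svgz" else open  # .svgz is gzip
        with opener(path, "rb") as fh:
            hits = find_active_content(fh.read())
        if hits:
            report[str(path)] = hits
    return report
```

Any file the report lists should be quarantined and its uploader account reviewed; a clean scan does not prove older uploads were never served, so pair it with the log indicators above.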