Lucene search
China National Vulnerability DatabaseCNVD-2022-54970HistoryJun 15, 2022 - 12:00 a.m.
WordPress WP SVG Icons plugin remote code execution vulnerability
2022-06-1500:00:00
China National Vulnerability Database
www.cnvd.org.cn
16
wordpress
svg icons
remote code execution
vulnerability
php
custom icon packages
zip file
attack
EPSS
0.003
Percentile
71.7%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP SVG Icons plugin version 3.2.3 and prior versions contain a remote code execution vulnerability that stems from the inability to properly validate uploaded custom icon packages. An attacker could exploit this vulnerability to upload a zip file containing malicious php code, which could lead to remote code execution.
Related
patchstack
patchstack
nvd
nvd
CVE-2022-0863
2022-06-13 13:15:10
prion
prion
Remote code execution
2022-06-13 13:15:00
cvelist
cvelist
CVE-2022-0863 WP SVG Icons <= 3.2.3 - Admin+ Remote Code Execution (RCE)
2022-06-13 12:41:37
checkpoint_advisories
checkpoint_advisories
WordPress SVG Icons Plugin Arbitrary File Upload (CVE-2022-0863)
2022-11-28 00:00:00
cve
cve
CVE-2022-0863
2022-06-13 13:15:10