WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP SVG Icons plugin version 3.2.3 and prior versions contain a remote code execution vulnerability that stems from the inability to properly validate uploaded custom icon packages. An attacker could exploit this vulnerability to upload a zip file containing malicious php code, which could lead to remote code execution.