Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2022-0863
HistoryJun 13, 2022 - 12:41 p.m.

CVE-2022-0863 WP SVG Icons <= 3.2.3 - Admin+ Remote Code Execution (RCE)

2022-06-1312:41:37
CWE-434
WPScan
www.cve.org
3
wp svg icons
wordpress
remote code execution
cve-2022-0863
admin
security vulnerability

EPSS

0.003

Percentile

71.7%

JSON

The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.

CNA Affected

[
  {
    "product": "WP SVG Icons",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "3.2.3",
        "status": "affected",
        "version": "3.2.3",
        "versionType": "custom"
      }
    ]
  }
]

Related

patchstack 1
nvd 1
cnvd 1
prion 1
checkpoint_advisories 1
cve 1
patchstack
patchstack
WordPress WP SVG Icons plugin <= 3.2.3 - Authenticated Remote Code Execution (RCE) vulnerability
2022-05-18 00:00:00
nvd
nvd
CVE-2022-0863
2022-06-13 13:15:10
cnvd
cnvd
WordPress WP SVG Icons plugin remote code execution vulnerability
2022-06-15 00:00:00
prion
prion
Remote code execution
2022-06-13 13:15:00
checkpoint_advisories
checkpoint_advisories
WordPress SVG Icons Plugin Arbitrary File Upload (CVE-2022-0863)
2022-11-28 00:00:00
cve
cve
CVE-2022-0863
2022-06-13 13:15:10

EPSS

0.003

Percentile

71.7%

JSON
Related for CVELIST:CVE-2022-0863
patchstack1nvd1cnvd1prion1checkpoint_advisories1cve1