5 matches found
WordPress svg-vector-icon-plugin plugin cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress svg-vector-icon-plugin plugin. The...
CVE-2019-14216
An issue was discovered in the svg-vector-icon-plugin aka WP SVG Icons plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file...
CVE-2019-14216
An issue was discovered in the svg-vector-icon-plugin aka WP SVG Icons plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file...
CVE-2019-14216
An issue was discovered in the svg-vector-icon-plugin aka WP SVG Icons plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file...
CVE-2019-14216
The CVE-2019-14216 issue affects the WordPress WP SVG Icons plugin (svg-vector-icon-plugin) up to version 3.2.1. The vulnerability arises from CSRF in wp-admin/admin.php?page=wp-svg-icons-custom-set, which mishandles Custom Icon uploads and allows an attacker to upload a ZIP containing a .php fil...