2 matches found
CVE-2022-0863
The WP SVG Icons WordPress plugin (versions ≤ 3.2.3) is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded custom icon packs. An admin/high-privilege user can upload a ZIP containing malicious PHP code, leading to remote code execution. Publ...
CVE-2019-14216
The CVE-2019-14216 issue affects the WordPress WP SVG Icons plugin (svg-vector-icon-plugin) up to version 3.2.1. The vulnerability arises from CSRF in wp-admin/admin.php?page=wp-svg-icons-custom-set, which mishandles Custom Icon uploads and allows an attacker to upload a ZIP containing a .php fil...