Wp Svg Icons Project Wp Svg Icons vulnerabilities
2 known vulnerabilities affecting wp_svg_icons_project/wp_svg_icons.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2022-0863P3HIGHCVSS 7.2≤ 3.2.32022-06-13
CVE-2022-0863 [HIGH] CWE-434 CVE-2022-0863: The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon pack
The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.
nvd
CVE-2019-14216P3HIGHCVSS 8.8≤ 3.2.12019-08-14
CVE-2019-14216 [HIGH] CWE-352 CVE-2019-14216: An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for Wo
An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.
nvd