The WP SVG Icons WordPress plugin up to and including 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wp svg icons project wp svg icons |