VYPR

Wp Svg Icons

by WordPress

CVEs (2)

  • CVE-2019-14216HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.

  • CVE-2022-0863HigJun 13, 2022
    risk 0.49cvss 7.2epss 0.23

    The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.