CVE-2022-0863 Information

Description

The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs allowing an high privileged user like an admin to upload a zip file containing malicious php code leading to remote code execution.

Reference

https://wpscan.com/vulnerability/a30212a0-c910-4657-aee1-4a2d72c77983