An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-14T20:03:03
Updated: 2024-08-05T00:12:42.853Z
Reserved: 2019-07-21T00:00:00
Link: CVE-2019-14216
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-08-14T21:15:13.487
Modified: 2024-11-21T04:26:13.400
Link: CVE-2019-14216
Redhat
No data.