WP SVG Icons <= 3.2.2 - Cross-Site Request Forgery (CSRF) leading to RCE

Affects Plugin

fixed in version 3.2.3

References

CVE 2019-14216
URL https://zeroauth.ltd/blog/2019/08/09/cve-2019-14216-svg-vector-icon-plugin-wordpress-plugin-vulnerable-to-csrf-and-arbitrary-file-upload-leading-to-remote-code-execution/
URL https://plugins.trac.wordpress.org/changeset/2126096/svg-vector-icon-plugin

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Original Researcher zeroauth
Submitter Ryan Dewhurst
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Verified No
WPVDB ID 9510

Timeline

Publicly Published 2019-08-09
Added 2019-08-15
Last Updated 2019-08-15
