CSRF Vulnerability in SVG Vector Icon Plugin for WordPress
CVE-2019-14216
8.8HIGH
Summary
The SVG Vector Icon Plugin, a popular plugin for WordPress, has a vulnerability that allows attackers to exploit cross-site request forgery (CSRF). This issue arises when the plugin mishandles custom icon uploads via the WordPress admin panel. Attackers can upload a ZIP archive containing a malicious PHP file, compromising the site's security and potentially allowing for remote code execution. Website administrators must take immediate action to secure their installations and prevent unauthorized file uploads.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved