exploitDog

CVE-2022-0863

Опубликовано: 13 июн. 2022

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Средний

Описание

The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.

Ссылки

https://wpscan.com/vulnerability/a30212a0-c910-4657-aee1-4a2d72c77983
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a30212a0-c910-4657-aee1-4a2d72c77983
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp_svg_icons_project:wp_svg_icons:*:*:*:*:*:wordpress:*:*

Версия до 3.2.3 (включая)

EPSS

Процентиль: 94%

0.13293

Средний

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-554p-mpfq-v2c5

CVSS3: 7.2

github

больше 3 лет назад

The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.

EPSS

Процентиль: 94%

0.13293

Средний

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

CWE-434