Enable SVG, WebP & ICO Upload <= 1.0.4 – Arbitrary File Upload
-
The Enable SVG, WebP & ICO Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to 1.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site’s server which may make a potential remote code execution.
More information on the threat intel on the Wordfence website.
- You must be logged in to reply to this review.