Enable SVG, WebP & ICO Upload <= 1.0.4 – Arbitrary File Upload - [Enable SVG, WebP, and ICO Upload] Review | WordPress.org

Alain Sanchez
(@mrbrazzi)

10 months ago

The Enable SVG, WebP & ICO Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to 1.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site’s server which may make a potential remote code execution.

More information on the threat intel on the Wordfence website.

Viewing 1 replies (of 1 total)

Plugin Author ideasToCode
(@ideastocode)

7 months ago

Thanks. We have resolved it in the new version. Thanks.

Viewing 1 replies (of 1 total)

The topic ‘Enable SVG, WebP & ICO Upload <= 1.0.4 – Arbitrary File Upload’ is closed to new replies.

Tags

vulnerable

In: Reviews
1 reply
2 participants
Last reply from: ideasToCode
Last activity: 7 months ago