CVE-2022-0863

7.2 HIGH

📋 TL;DR

WP SVG Icons versions 3.2.3 and earlier do not validate the contents of ZIP archives uploaded through the plugin's icon-pack upload feature. A WordPress user with administrator privileges can upload an archive that contains PHP files; the files are extracted under the uploads directory and can then be requested directly, giving remote code execution on the web server. Only sites with the vulnerable plugin installed and active are affected, and exploitation requires an administrator account. On a default WordPress install an administrator can already run PHP by installing a plugin, so this issue matters most on sites where plugin installation is disabled (for example with DISALLOW_FILE_MODS) or on multisite, where site administrators cannot install plugins.

💻 Affected Systems

Products:
  • WP SVG Icons WordPress Plugin
Versions: 3.2.3 and earlier (fixed in 3.2.4)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated administrator (admin-level access to the WordPress dashboard); the plugin must be installed and active. DISALLOW_FILE_MODS only blocks the core plugin and theme installers and typically does not stop a plugin's own upload handler, so it is not a mitigation for this issue.

📦 What is this software?

WP SVG Icons is a WordPress plugin that adds a library of SVG icons to the editor via shortcodes and lets site administrators upload custom icon packs as ZIP archives from the dashboard. The custom icon-pack upload is the feature affected by this vulnerability.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise allowing attacker to execute arbitrary code, install backdoors, steal data, or pivot to other systems.

🟠

Likely Case

An attacker who has phished, brute-forced or reused the password of an administrator account uploads a ZIP containing a PHP web shell, then uses it for defacement, database theft or malware installation. The same attacker could already achieve this on a default install by uploading a plugin, so the added exposure is on sites that restrict plugin installation.

🟢

If Mitigated

Limited impact if PHP execution is blocked under wp-content/uploads/ and administrator accounts are protected (MFA, minimal membership, monitored logins).

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a valid administrator session. The attack is a single upload of a crafted ZIP followed by an HTTP request to the extracted PHP file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.4 or later

Vendor Advisory: https://wpscan.com/vulnerability/a30212a0-c910-4657-aee1-4a2d72c77983

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the WP SVG Icons plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 3.2.4 or later from the WordPress plugin repository and update manually.
6. Afterwards, check wp-content/uploads/ for PHP files that an earlier upload may already have left behind.

If you script this with wp-cli, confirm the plugin slug first with `wp plugin list --fields=name,version`; the slug used on this page is assumed to match your installation.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily deactivate the WP SVG Icons plugin until it is updated (confirm the slug with `wp plugin list` if the command below reports no such plugin).

wp plugin deactivate wp-svg-icons

Block PHP Execution in the Uploads Directory

linux

Blocking HTTP access to .zip files does not help here: the archive is sent through the WordPress dashboard, not fetched over HTTP, and the danger is the PHP extracted from it. Instead, deny direct requests for PHP files anywhere under the uploads tree. Place the following in wp-content/uploads/.htaccess (Apache with AllowOverride enabled), not in the site root, where it would block WordPress itself; use the equivalent location rule on other web servers.

<FilesMatch "\.(php|phtml|phar|php[0-9])$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

🧯 If You Can't Patch

  • Remove admin access from untrusted users, enforce strong passwords and MFA for the remaining administrators.
  • Implement web application firewall rules to block malicious file upload patterns.
  • Remove any PHP files already present under wp-content/uploads/ and monitor that directory for new ones.

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins. If version is 3.2.3 or earlier, you are vulnerable.

Check Version:

wp plugin get wp-svg-icons --field=version

Verify Fix Applied:

Confirm the plugin version is 3.2.4 or later. Optionally, in a staging copy, confirm that a ZIP containing a harmless .php file is no longer accepted, and check wp-content/uploads/ for PHP files left by earlier uploads.
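The update and verification steps above as one script. This is an added example, not the advisory's or the plugin's own tooling; it assumes wp-cli is on PATH and run from the WordPress root, that the plugin slug is "wp-svg-icons" as used elsewhere on this page (confirm with `wp plugin list`), and that the fixed version is 3.2.4. The version comparison is pure POSIX sh so it also works where `sort -V` is unavailable.

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin's own tooling): compare the
# installed WP SVG Icons version against the fixed release and remediate.
# Assumptions: wp-cli is on PATH and runs from the WordPress root; the plugin
# slug is "wp-svg-icons" as used elsewhere on this page (confirm it with
# `wp plugin list --fields=name,version`); the fixed version is 3.2.4.

FIXED_VERSION="3.2.4"
SLUG="${WP_SVG_SLUG:-wp-svg-icons}"

# version_lt A B: exit 0 if dotted version A sorts before B, else 1.
# POSIX sh only (no `sort -V`), so it also works in minimal containers.
# Missing components count as 0 and suffixes such as "-beta" are ignored.
version_lt() {
    IFS=. read -r a1 a2 a3 _ <<EOF
$1
EOF
    IFS=. read -r b1 b2 b3 _ <<EOF
$2
EOF
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3"; do
        x=${pair%%:*}; y=${pair#*:}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# plugin_vulnerable VERSION: exit 0 if VERSION is below the fixed release.
plugin_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# remediate: update in place; if the update does not reach the fixed
# version (no network access, pinned install), deactivate as a stopgap.
remediate() {
    installed=$(wp plugin get "$SLUG" --field=version)
    if plugin_vulnerable "$installed"; then
        echo "$SLUG $installed is vulnerable (fixed in $FIXED_VERSION), updating"
        wp plugin update "$SLUG"
        installed=$(wp plugin get "$SLUG" --field=version)
        if plugin_vulnerable "$installed"; then
            echo "still at $installed, deactivating $SLUG until it can be updated"
            wp plugin deactivate "$SLUG"
        else
            echo "$SLUG now at $installed"
        fi
    else
        echo "$SLUG $installed is at or above $FIXED_VERSION"
    fi
}

# Only touch a live site when explicitly asked and wp-cli is available.
if [ "${1:-}" = "--run" ] && command -v wp >/dev/null 2>&1; then
    remediate
fi
```

Run it as `sh check-svg-icons.sh --run` from the WordPress root; without `--run` it only defines the functions, so it can be sourced into a larger fleet script that loops over sites.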

📡 Detection & Monitoring

Log Indicators:

  • ZIP archives uploaded to wp-content/uploads/svg-icons/ (path as reported on this page; confirm it for your installation)
  • New .php files appearing anywhere under wp-content/uploads/ (file-integrity monitoring)
  • HTTP requests for .php files under wp-content/uploads/ that return 200
  • Administrator uploads at unusual times or from unusual source addresses

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with multipart file upload bodies, followed by GET requests for .php paths under /wp-content/uploads/ from the same client
  • Unusual outbound connections from the web server

SIEM Query:

source="web_server" AND (uri_path="/wp-admin/admin-ajax.php" AND method="POST" AND form_data CONTAINS ".zip")
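The two file and log indicators above, implemented as host-side checks. This is an added example, not part of the advisory; it assumes the web server writes Apache/nginx "combined" format access logs and that the uploads tree is wp-content/uploads under the WordPress root. The log lines embedded in it are constructed, not real traffic.

```shell
#!/bin/sh
# Added example (not part of the advisory): host-side checks for the indicators
# listed above. Assumptions: the web server writes Apache/nginx "combined"
# format logs; the uploads tree lives at wp-content/uploads under the
# WordPress root; the log lines below are constructed, not real traffic.

# 1. Any PHP-executable file under wp-content/uploads is suspicious: that tree
#    should only contain media and, for this plugin, icon assets.
find_php_in_uploads() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \
        -o -iname '*.php[0-9]' \)
}

# 2. Upload-then-trigger pattern: a client POSTs to admin-ajax.php and later
#    requests a .php file under uploads. Prints "IP PATH" once per client.
#    Combined format: $1 is the client IP, $6 the quoted method, $7 the path.
suspicious_clients() {
    awk '
        $6 == "\"POST" && $7 == "/wp-admin/admin-ajax.php" { posted[$1] = 1 }
        $6 == "\"GET" && posted[$1] &&
            $7 ~ "^/wp-content/uploads/.*[.]php([0-9]|[?].*)?$" &&
            !(seen[$1]++) { print $1, $7 }
    ' "$1"
}

# Constructed sample log (combined format) used by the demo and self-test.
# 203.0.113.5 uploads then triggers; 198.51.100.7 only uploads; 192.0.2.9
# probes the PHP path without ever uploading (a scanner, not flagged here).
SAMPLE_LOG='203.0.113.5 - - [10/Mar/2022:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2022:10:01:09 +0000] "GET /wp-content/uploads/svg-icons/cmd.php?c=id HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2022:10:02:00 +0000] "GET /wp-content/uploads/2022/03/logo.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2022:10:02:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 34 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2022:10:03:00 +0000] "GET /wp-content/uploads/svg-icons/cmd.php HTTP/1.1" 404 0 "-" "curl/7.8"'

# Demo against a scratch directory and the sample log.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/uploads/svg-icons" "$tmp/uploads/2022/03"
    printf '<?php echo "constructed test file"; ?>\n' > "$tmp/uploads/svg-icons/cmd.php"
    : > "$tmp/uploads/2022/03/logo.png"
    printf '%s\n' "$SAMPLE_LOG" > "$tmp/access.log"
    echo "PHP files under uploads:"
    find_php_in_uploads "$tmp/uploads"
    echo "Clients that uploaded then requested PHP under uploads:"
    suspicious_clients "$tmp/access.log"
    rm -rf "$tmp"
}

# With no arguments run the demo; otherwise: script.sh WP_ROOT ACCESS_LOG
if [ $# -eq 0 ]; then
    demo
else
    find_php_in_uploads "$1/wp-content/uploads"
    suspicious_clients "${2:-/var/log/apache2/access.log}"
fi
```

The scanner client in the sample is deliberately not reported, because the rule keys on the upload-then-request sequence; a second, noisier rule that flags any 200 response for a .php path under uploads catches the case where the upload came through a different endpoint or an earlier log file.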

🔗 References

  • WPScan advisory: https://wpscan.com/vulnerability/a30212a0-c910-4657-aee1-4a2d72c77983
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-0863
