WordPress Plugin Vulnerabilities

Manager for Icomoon < 2.1 - Unauthenticated Arbitrary File Upload

Description

The plugin does not validate files to be uploaded via its upload() function, allowing unauthenticated users to upload an archive with PHP files which will be extracted on the blog

Affects Plugins

Plugin icon
manager-for-icomoon
Fixed in 2.1

References

CVE
CVE-2023-29386

Miscellaneous

Original Researcher
deokhunKim
Verified
No
WPVDB ID
03b30c6f-334d-43de-b6fb-5265fcc6148d

Timeline

Publicly Published
2023-05-08 (about 3 years ago)
Added
2023-08-21 (about 2 years ago)
Last Updated
2023-10-27 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
N-Media File Uploader < 2.0 Arbitrary File Upload
Published
2024-11-05
Title
WP JobSearch < 2.6.8 - Unauthenticated Arbitrary File Upload
Published
2025-10-18
Title
RTMKit < 1.6.6 - Authenticated (Contributor+) Arbitrary File Upload
Published
2015-10-29
Title
WordPress File Upload <= 3.4.0 - Unauthenticated Malicious File Upload
Published
2015-03-31
Title
VideoWhisper Video Conference Integration 4.91.8 - Remote File Upload