CVE-2022-0863: 
WordPress vulnerability analysis and mitigation

The WP SVG Icons WordPress plugin through version 3.2.3 contains a vulnerability identified as CVE-2022-0863. The vulnerability was discovered and publicly disclosed on May 18, 2022, affecting the svg-vector-icon-plugin component. This security issue involves improper validation of uploaded custom icon packs, which poses a significant security risk to WordPress installations using this plugin (WPScan).

The vulnerability is classified as a Remote Code Execution (RCE) issue with a CVSS score of 6.6 (medium severity). It is categorized under OWASP Top 10 A1: Injection and CWE-94. The technical nature of the vulnerability stems from insufficient validation of uploaded custom icon packs, which can be exploited through the plugin's file upload functionality (WPScan).

When exploited, this vulnerability allows high-privileged users such as administrators to upload zip files containing malicious PHP code, which can lead to remote code execution on the affected WordPress installation. This could potentially give attackers the ability to execute arbitrary commands on the server (CVE Mitre).

As of the last update, there is no known fix available for this vulnerability. Users of the WP SVG Icons WordPress plugin should consider either removing the plugin or implementing additional security controls to restrict access to the custom icon pack upload functionality (WPScan).