History: Sep 13, 2024 - 6:15 a.m.

CVE-2024-7863

2024-09-13 06:15:15
CWE-352
WPScan
web.nvd.nist.gov
wordpress plugin
arbitrary file upload
admin access
favicon generator
security vulnerability

CVSS3: 6.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score: 6.7
Confidence: High

EPSS: 0.001
Percentile: 19.8%

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make a logged-in admin upload arbitrary files, such as PHP, on the server.

Affected configurations

Node: pixeljar favicon_generator, Range <2.1, wordpress

Vendor | Product | Version | CPE
pixeljar | favicon_generator | * | cpe:2.3:a:pixeljar:favicon_generator:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Favicon Generator (CLOSED)",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

