CVE-2024-7568

The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the outputsubadminpage0 function. This makes it possible for unauthenticated attackers to delete arbitrary files on...

WordPress Favicon Generator plugin < 2.1 - Arbitrary File Upload via CSRF vulnerability

Arbitrary File Upload via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Favicon Generator versions 2.1...