3 matches found
CVE-2024-7863
The Favicon Generator CLOSED WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server...
CVE-2024-7863 Favicon Generator < 2.1 - Arbitrary File Upload via CSRF
The Favicon Generator CLOSED WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server...
CVE-2024-7863 Favicon Generator < 2.1 - Arbitrary File Upload via CSRF
The Favicon Generator CLOSED WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server...