3 matches found
CVE-2024-7568
CVE-2024-7568 (Favicon Generator for WordPress) affects the WordPress plugin Favicon Generator, version
CVE-2024-7863
The CVE-2024-7863 entry concerns the Favicon Generator (CLOSED) WordPress plugin prior to version 2.1. The vulnerability arises from lack of validation for uploaded files and missing CSRF protection, enabling a logged-in admin to upload arbitrary files (potentially PHP) to the server. Public sour...
CVE-2024-7864
The CVE concerns the WordPress Favicon Generator plugin (versions prior to 2.1). A lack of CSRF protection and insufficient path validation in the output_sub_admin_page_0() function allows an attacker to induce logged-in admins to delete arbitrary files on the server. Impact is high for integrity...