Skip to main content

Favicon Generator

3 CVEs product

Monthly

CVE-2024-7864 MEDIUM POC This Month

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Favicon Generator
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7863 MEDIUM POC This Month

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF PHP Favicon Generator
NVD WPScan
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-7568 CRITICAL PATCH Act Now

The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Favicon Generator
NVD
CVSS 3.1
9.6
EPSS
0.4%
EPSS 0% CVSS 6.5
MEDIUM POC This Month

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Favicon Generator
NVD WPScan
EPSS 0% CVSS 6.8
MEDIUM POC This Month

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF PHP +1
NVD WPScan
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Favicon Generator
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy