Vulnerability Details CVE-2024-7568
The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_admin_page_0 function. This makes it possible for unauthenticated attackers to delete arbitrary files on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The plugin author deleted the functionality of the plugin to patch this issue and close the plugin, we recommend seeking an alternative to this plugin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.0%
CVSS Severity
CVSS v3 Score 9.6
References
Products affected by CVE-2024-7568
-
cpe:2.3:a:pixeljar:favicon_generator:-
-
cpe:2.3:a:pixeljar:favicon_generator:1.1
-
cpe:2.3:a:pixeljar:favicon_generator:1.2
-
cpe:2.3:a:pixeljar:favicon_generator:1.3
-
cpe:2.3:a:pixeljar:favicon_generator:1.4
-
cpe:2.3:a:pixeljar:favicon_generator:1.5