cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7864,https://securityvulnerability.io/vulnerability/CVE-2024-7864,Arbitrary File Deletion Vulnerability in Favicon Generator WordPress Plugin,"The Favicon Generator plugin for WordPress prior to version 2.1 is vulnerable due to the absence of proper Cross-Site Request Forgery (CSRF) and path validation mechanisms in the output_sub_admin_page_0() function. This lack of security measures permits authenticated attackers, such as logged-in administrators, to potentially manipulate the server's file structure, leading to unauthorized file deletions. It is essential for users of this plugin to update to the latest version to mitigate risks associated with this vulnerability.",Wordpress,Favicon Generator (closed),6.5,MEDIUM,0.0004799999878741801,false,,false,false,true,true,false,false,2024-09-13T06:00:04.341Z,0
CVE-2024-7863,https://securityvulnerability.io/vulnerability/CVE-2024-7863,Arbitrary File Upload Vulnerability in Favicon Generator WordPress Plugin,"The Favicon Generator plugin for WordPress prior to version 2.1 contains a vulnerability that permits the upload of arbitrary files due to insufficient file validation mechanisms. This absence of validation, compounded by a lack of Cross-Site Request Forgery (CSRF) protection, enables an attacker to exploit an authenticated admin session. Through this exploit, attackers could potentially upload malicious PHP files to the server, leading to various security concerns including unauthorized access, defacement, and data breaches.",Wordpress,Favicon Generator (closed),6.8,MEDIUM,0.0005000000237487257,false,,false,false,true,true,false,false,2024-09-13T06:00:04.133Z,0
CVE-2024-7568,https://securityvulnerability.io/vulnerability/CVE-2024-7568,Favicon Generator Plugin Vulnerable to Cross-Site Request Forgery,"The Favicon Generator plugin for WordPress exhibits a vulnerability related to Cross-Site Request Forgery (CSRF). This weakness stems from inadequate nonce validation within the output_sub_admin_page_0 function, allowing unauthorized entities to manipulate the plugin's actions. An attacker can potentially eliminate arbitrary files from the server if they manage to deceive an administrator into activating a malicious link. As a crucial mitigation step, the plugin's author has removed this functionality, urging users to transition to alternative options due to the closure of the plugin.",Wordpress,Favicon Generator (closed),8.1,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,2024-08-24T02:02:31.547Z,0