cleantalk
Vulnerabilities and Security Researches

Favicon Generator, CVE-2024-7863

CVE, Research URL

CVE-2024-7863

Home page URL

Security reports for Favicon Generator

Application

Favicon Generator

Published on
Sep 13, 2024
Research Description
The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server
Affected versions
max 2.1.
Status
vulnerable
Previous vulnerability researches
Favicon Generator (CVE-2024-7864) , Sep 15, 2024
Favicon Generator (CVE-2024-7863) , Aug 29, 2024
Favicon Generator (CVE-2024-7568) , Aug 25, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026