8.1
CVE-2024-7863
- EPSS 0.28%
- Veröffentlicht 13.09.2024 06:15:15
- Zuletzt bearbeitet 27.09.2024 21:27:07
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginFavicon Generator < 2.1 - Arbitrary File Upload via CSRF
Favicon Generator <= 1.5 - Cross-Site Request Forgery to Arbitrary File Upload
The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server
Mögliche Gegenmaßnahme
Favicon Generator (CLOSED): Update to version 2.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pixeljar ≫ Favicon Generator SwPlatformwordpress Version < 2.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Favicon Generator (CLOSED)
Version
*-1.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.19 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.1 | 1.7 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://wpscan.com/vulnerability/5e814b02-3870-4742-905d-ec03b0d31add/
https://www.wordfence.com/threat-intel/vulnerabilities/id/9df24b5e-109e-43ae-b55b-8514281a631f