CVE-2024-7568Pixeljar · Favicon_generator
Vulnerability data via NVD (ingested)
The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_admin_page_0 function. This makes it possible for unauthenticated attackers to delete arbitrary files on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The plugin author deleted the functionality of the plugin to patch this issue and close the plugin, we recommend seeking an alternative to this plugin. CVE-2024-7864 appears to be a duplicate of this issue.
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
vuln:CVE-2024-7568http.html:"/wp-content/plugins/favicon-generator/"product:"Pixeljar Favicon Generator"http.html:"Favicon Generator"More intel sources (5)
vuln:CVE-2024-7568vulnerabilities.cve_id: CVE-2024-7568CVE-2024-7568CVE-2024-7568"CVE-2024-7568" exploit -site:nvd.nist.gov