Medium severity6.5NVD Advisory· Published Sep 13, 2024· Updated Jun 17, 2026
CVE-2024-7864
CVE-2024-7864
Description
The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitrary files on the server
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.1
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/6ce62e78-04a4-46b2-b97f-c4ef8f3258c3/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.