VYPR
Medium severity6.5NVD Advisory· Published Sep 13, 2024· Updated Jun 17, 2026

CVE-2024-7864

CVE-2024-7864

Description

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitrary files on the server

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.