The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitrary files on the server
Add your gear to cvedb and we'll alert you only when pixeljar ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.