Skip to main content

Favicon By Realfavicongenerator

2 CVEs product

Monthly

CVE-2022-0471 MEDIUM POC PATCH This Month

The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Favicon By Realfavicongenerator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24437 MEDIUM POC This Month

The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 does not sanitise or escape one of its parameter before outputting it back in the response, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Favicon By Realfavicongenerator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Favicon By Realfavicongenerator
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 does not sanitise or escape one of its parameter before outputting it back in the response, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Favicon By Realfavicongenerator
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy