Medium severity6.1NVD Advisory· Published Aug 30, 2021· Updated Jun 17, 2026
CVE-2021-24437
CVE-2021-24437
Description
The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 does not sanitise or escape one of its parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting (XSS) which is executed in the context of a logged administrator.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=1.3.20+ 1 more
- (no CPE)range: <=1.3.20
- (no CPE)range: <=1.3.20
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/ed9d26be-cc96-4274-a05b-0b7ad9d8cfd9nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.