VYPR

Favicon By Realfavicongenerator

by WordPress

CVEs (6)

  • CVE-2026-42754HigMay 27, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon: from n/a through <= 1.3.46.

  • CVE-2024-7863MedSep 13, 2024
    risk 0.44cvss 6.8epss 0.00

    The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server

  • CVE-2024-7864MedSep 13, 2024
    risk 0.42cvss 6.5epss 0.00

    The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitrary files on the server

  • CVE-2021-24437MedAug 30, 2021
    risk 0.40cvss 6.1epss 0.01

    The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 does not sanitise or escape one of its parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting (XSS) which is executed in the context of a logged administrator.

  • CVE-2022-0471MedApr 11, 2022
    risk 0.33cvss 6.1epss 0.01

    The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue

  • CVE-2024-31422MedApr 15, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Philippe Bernard Favicon.This issue affects Favicon: from n/a through 1.3.29.