VYPR

All In One Favicon

by WordPress

CVEs (2)

  • CVE-2023-24416MedFeb 23, 2024
    risk 0.44cvss 6.8epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arne Franken All In One Favicon.This issue affects All In One Favicon: from n/a through 4.7.

  • CVE-2018-13832MedJul 16, 2018
    risk 0.34cvss 4.8epss 0.02

    Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text.