CVE-2024-31422 – WordPress Favicon by RealFaviconGenerator plugin <= 1.3.29 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31422
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Philippe Bernard Favicon. This issue affects Favicon: from n/a through 1.3.29. The Favicon plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.29. This is due to missing or incorrect nonce validation on the process_ignored_notice() function. • https://patchstack.com/database/vulnerability/favicon-by-realfavicongenerator/wordpress-favicon-by-realfavicongenerator-plugin-1-3-29-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-0471 – Favicon by RealFaviconGenerator < 1.3.23 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0471
21 Mar 2022 — The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue. • https://plugins.trac.wordpress.org/changeset/2695862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24437 – Favicon by RealFaviconGenerator <= 1.3.20 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24437
27 Jul 2021 — The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 does not sanitise or escape one of its parameters before outputting it back in the response, leading to a Reflected Cross-Site Scripting (XSS) issue which is executed in the context of a logged-in administrator. • https://wpscan.com/vulnerability/ed9d26be-cc96-4274-a05b-0b7ad9d8cfd9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-10116 – RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon cross-site request forgery
https://notcve.org/view.php?id=CVE-2015-10116
01 Apr 2015 — A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 addresses this issue. • https://github.com/wp-plugins/favicon-by-realfavicongenerator/commit/949a1ae7216216350458844f50a72f100b56d4e7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF)