25 matches found
WordPress Favicon plugin <= 1.3.46 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by dodoh4t in WordPress Plugin Favicon versions <= 1.3.46...
CVE-2026-42754
The CVE-2026-42754 entry describes a Reflected XSS vulnerability in the WordPress plugin favicon-by-realfavicongenerator (Favicon), affecting versions up to and including 1.3.46. The underlying issue is improper neutralization of input during web page generation. Impact is Cross-Site Scripting, w...
CVE-2026-42754 WordPress Favicon plugin <= 1.3.46 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS. This issue affects Favicon: from n/a through <= 1.3.46...
CVE-2022-0471
The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue...
EUVD-2022-15610
Malicious code in bioql PyPI...
CVE-2024-35642 WordPress Site Favicon plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bryan Hadaway Site Favicon allows Stored XSS. This issue affects Site Favicon: from n/a through 0.2...
WordPress Site Favicon Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Site Favicon; Type: Plugin; Vulnerable versions: <= 0.2; Fixed in: 0.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35642; Patch priority: Low; CVSS severity: Low (5.9); PSID: 793a8085c766; Credits: Cronus; Required privilege: Administrator...
WordPress Favicon by RealFaviconGenerator plugin <= 1.3.29 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by FearZzZz (Patchstack Alliance) in WordPress Plugin Favicon versions <= 1.3.29...
CVE-2023-24416 WordPress All In One Favicon Plugin <= 4.7 is vulnerable to Arbitrary File Deletion
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arne Franken All In One Favicon. This issue affects All In One Favicon: from n/a through 4.7...
CVE-2023-44246
Cross-Site Request Forgery (CSRF) vulnerability in Matias's Shockingly Simple Favicon plugin <= 1.8.2 versions...
CVE-2023-44246
CVE-2023-44246 affects the WordPress plugin Shockingly Simple Favicon (Matias’s Shockingly Simple Favicon), versions ≤ 1.8.2. Root issue: Cross-Site Request Forgery (CSRF) vulnerability impacting settings updates; could allow unauthorized actions to be performed on behalf of a logged-in user. Imp...
PT-2023-29170 · Unknown · Matias's Shockingly Simple Favicon
Name of the Vulnerable Software and Affected Versions: Matias's Shockingly Simple Favicon plugin versions <= 1.8.2. Description: A Cross-Site Request Forgery (CSRF) issue affects the plugin, allowing unauthorized actions to be performed on behalf of the user. Recommendations: For versions <= 1.8.2,...
MyBB Favicon 1.0 Cross Site Scripting
Exploit Title: MyBB PGM Favicon Plugin 1.0 – Cross-Site Scripting Date: May 2, 2023 Author: 0xB9 Twitter: @0xB9sec Software Link: https://community.mybb.com/mods.php?action=view&pid=1554 Version: 1.0 Tested On: Windows 10 Description: The favicon input in the settings doesn’t sanitize the favicon...
CVE-2015-10116
A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is...
CVE-2015-10116 RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon cross-site request forgery
A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is...
CVE-2015-10116
RealFaviconGenerator Favicon Plugin for WordPress (up to version 1.2.12) is affected. The vulnerability resides in install_new_favicon (admin/class-favicon-by-realfavicongenerator-admin.php), enabling cross-site request forgery (CSRF). Exploitation can be remotely initiated. A patch is available ...
PT-2023-10294 · Unknown · Realfavicongenerator Favicon Plugin
Name of the Vulnerable Software and Affected Versions: RealFaviconGenerator Favicon Plugin versions up to 1.2.12 Description: A problematic vulnerability has been found in the RealFaviconGenerator Favicon Plugin, affecting the install new favicon function of the file...
WordPress All In One Favicon Plugin <= 4.7 is vulnerable to Arbitrary File Deletion
Software: All In One Favicon; Type: Plugin; Vulnerable versions: <= 4.7; Fixed in: 4.8; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2023-24416; Patch priority: Low; CVSS severity: Low (6.8); PSID: b9929b1d7eae; Credits: Mika; Required privilege...