CVE-2021-24437
The CVE concerns the WordPress plugin Favicon by RealFaviconGenerator (versions up to 1.3.20). The vulnerability is a reflected XSS caused by insufficient sanitisation/escaping of a parameter, leading to script execution in the context of a logged-in administrator. The exploit involves an unsanit...