ThreatPress

WordPress Vulnerabilities Database

Back

WordPress All In One Favicon plugin <= 4.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities

Product
All In One Favicon
Description
Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities found by Javier Olmedo in WordPress All In One Favicon plugin (versions <= 4.6).
Solution
This plugin was closed on July 13, 2018 and is no longer available for download. Deactivate and delete asap.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2018-13832
Versions
Affected In <= 4.6
Disclosure date
2018-07-18
Credits
Javier Olmedo
Submitter
ThreatPress