WordPress All In One Favicon plugin <= 4.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities
- All In One Favicon
- Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities found by Javier Olmedo in WordPress All In One Favicon plugin (versions <= 4.6).
- This plugin was closed on July 13, 2018 and is no longer available for download. Deactivate and delete asap.
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
- Name CVE-2018-13832
- Disclosure date
- Javier Olmedo