RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon cross-site request forgery
CVE-2015-10116

4.3MEDIUM

Key Information:

Vendor
Wordpress
Status
Favicon Plugin
Vendor
CVE Published:
6 June 2023

Summary

A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 is able to address this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade the affected component. The identifier VDB-230661 was assigned to this vulnerability.

Affected Version(s)

Favicon Plugin 1.2.0

Favicon Plugin 1.2.1

Favicon Plugin 1.2.2

References

https://vuldb.com/?id.230661
vdb-entrytechnical-description
https://vuldb.com/?ctiid.230661
signaturepermissions-required
https://github.com/wp-plugins/favicon-by-realfavicongener...
patch

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kacper Szurek
VulDB GitHub Commit Analyzer
.