Cross-site Scripting (XSS) Vulnerability in Favicon Rotator
CVE-2024-28001
7.1 HIGH
What is CVE-2024-28001?
The Archetyped Favicon Rotator plugin for WordPress is vulnerable to reflected cross-site scripting (XSS) because it does not properly neutralize user input during web page generation. The vulnerability affects versions up to and including 1.2.10 and can allow attackers to inject arbitrary web scripts that run in the user's browser. When a user visits a compromised page, the injected script executes, which may lead to session hijacking, unauthorized data manipulation, or other malicious activity. Website owners running affected versions should prioritize updating to mitigate the risk.
Affected Version(s)
Favicon Rotator <= 1.2.10