CVE-2021-24437

Name of the Vulnerable Software and Affected Versions The Favicon by RealFaviconGenerator WordPress plugin versions 1.3.20 and earlier

Description The issue is related to a Reflected Cross-Site Scripting (XSS) that occurs because one of the plugin's parameters is not properly sanitised or escaped before being outputted in the response. This XSS is executed in the context of a logged administrator.

Recommendations For versions 1.3.20 and earlier, update to a version later than 1.3.20 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.