CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24674

The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF in place when updating the favicon, which could allow attackers to make a logged in admin change it via a CSRF attack

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.8%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.3

References

Products affected by CVE-2021-24674

Genie Wp Favicon Project » Genie Wp Favicon » Version: N/A

cpe:2.3:a:genie_wp_favicon_project:genie_wp_favicon:-
Genie Wp Favicon Project » Genie Wp Favicon » Version: 0.2

cpe:2.3:a:genie_wp_favicon_project:genie_wp_favicon:0.2
Genie Wp Favicon Project » Genie Wp Favicon » Version: 0.3

cpe:2.3:a:genie_wp_favicon_project:genie_wp_favicon:0.3
Genie Wp Favicon Project » Genie Wp Favicon » Version: 0.4

cpe:2.3:a:genie_wp_favicon_project:genie_wp_favicon:0.4
Genie Wp Favicon Project » Genie Wp Favicon » Version: 0.5

cpe:2.3:a:genie_wp_favicon_project:genie_wp_favicon:0.5
Genie Wp Favicon Project » Genie Wp Favicon » Version: 0.5.1

cpe:2.3:a:genie_wp_favicon_project:genie_wp_favicon:0.5.1
Genie Wp Favicon Project » Genie Wp Favicon » Version: 0.5.2

cpe:2.3:a:genie_wp_favicon_project:genie_wp_favicon:0.5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24674

Products

Pricing

Contact Us