Does Favicon by RealFaviconGenerator have any unpatched vulnerabilities?

No. All known vulnerabilities in Favicon by RealFaviconGenerator have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Favicon by RealFaviconGenerator compatible with WordPress 7.0?

According to WordPress.org data, Favicon by RealFaviconGenerator 1.3.46 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

How often is Favicon by RealFaviconGenerator updated?

Favicon by RealFaviconGenerator was last updated on Mar 2, 2026. Frequent updates are generally a positive security signal.

What is Favicon by RealFaviconGenerator's security score?

Favicon by RealFaviconGenerator has a WP-Safety security score of 96/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Favicon by RealFaviconGenerator Security & Risk Analysis

wordpress.org/plugins/favicon-by-realfavicongenerator

Create and install your favicon for all platforms: PC/Mac, iPhone/iPad, Android devices, Windows 8 tablets...

200K active installs v1.3.46 PHP + WP 3.5+ Updated Mar 2, 2026

apple-touch-iconfaviconiconiphonelogo

A · Safe

CVEs total4

Unpatched0

Last CVEApr 10, 2024

Plugin page Download

Safety Verdict

Is Favicon by RealFaviconGenerator Safe to Use in 2026?

Generally Safe

Score 96/100

Favicon by RealFaviconGenerator has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Apr 10, 2024Updated 1mo ago

Risk Assessment

The plugin 'favicon-by-realfavicongenerator' v1.3.46 exhibits a mixed security posture. While the static analysis shows a remarkably small attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events, and the taint analysis found no critical or high-severity issues, there are significant concerns related to its past vulnerability history and code signals. The plugin has a history of 4 known CVEs, including one high-severity and three medium-severity vulnerabilities, primarily related to Cross-Site Request Forgery and Cross-Site Scripting. The most recent vulnerability was patched in April 2024, suggesting active patching, but the recurring nature of these vulnerability types is a concern. Furthermore, the presence of SQL queries not using prepared statements and a lack of capability checks on any entry points (though the entry point count is zero) are weaknesses that, if an attack vector were to emerge, could be exploited. The high percentage of properly escaped output is a strength, but it does not entirely mitigate the risks posed by the historical vulnerabilities and the raw SQL query.

Key Concerns

1 High severity CVE (unpatched)
3 Medium severity CVEs (unpatched)
SQL queries without prepared statements
0 Capability checks on entry points
Flows with unsanitized paths

Vulnerabilities

Favicon by RealFaviconGenerator Security Vulnerabilities

CVEs by Year

1 CVE in 2015

2015

1 CVE in 2021

2021

1 CVE in 2022

2022

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

High

Medium

4 total CVEs

CVE-2024-31422medium · 4.3Cross-Site Request Forgery (CSRF)

Favicon <= 1.3.29 - Cross-Site Request Forgery to Notice Dismissal

Apr 10, 2024 Patched in 1.3.30 (8d)

CVE-2022-0471medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Favicon by RealFaviconGenerator <= 1.3.22 - Reflected Cross-Site Scripting

Mar 21, 2022 Patched in 1.3.23 (673d)

CVE-2021-24437medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Favicon by RealFaviconGenerator <= 1.3.21 - Reflected Cross-Site Scripting

Jul 27, 2021 Patched in 1.3.21 (910d)

CVE-2015-10116high · 7.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Favicon by RealFaviconGenerator <= 1.2.12 - Reflected Cross-Site Scripting

Apr 1, 2015 Patched in 1.2.13 (3219d)

Code Analysis

Analyzed Mar 16, 2026

Favicon by RealFaviconGenerator Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

46 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

92% escaped50 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

install_new_favicon (admin\class-favicon-by-realfavicongenerator-admin.php:186)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Favicon by RealFaviconGenerator Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 12

actioninitadmin\class-favicon-by-realfavicongenerator-admin.php:22

actionadmin_headadmin\class-favicon-by-realfavicongenerator-admin.php:24

filtergenesis_pre_load_faviconadmin\class-favicon-by-realfavicongenerator-admin.php:27

actioninitadmin\class-favicon-by-realfavicongenerator-admin.php:33

actionadmin_menuadmin\class-favicon-by-realfavicongenerator-admin.php:62

actionadmin_noticesadmin\class-favicon-by-realfavicongenerator-admin.php:77

actionadmin_initadmin\class-favicon-by-realfavicongenerator-admin.php:78

actionplugins_loadedfavicon-by-realfavicongenerator.php:40

actionplugins_loadedfavicon-by-realfavicongenerator.php:51

actionwp_headpublic\class-favicon-by-realfavicongenerator.php:12

actionlogin_headpublic\class-favicon-by-realfavicongenerator.php:13

filtergenesis_pre_load_faviconpublic\class-favicon-by-realfavicongenerator.php:16

Maintenance & Trust

Favicon by RealFaviconGenerator Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedMar 2, 2026

PHP min version

Downloads5.2M

Community Trust

Rating98/100

Number of ratings800

Active installs200K

Alternatives

Favicon by RealFaviconGenerator Alternatives

Multicons

multicons

100

Multicons is a multi-favicon code generator which automatically inserts the necessary meta tags for favicons.

2K 1 CVE

wp-logo-login | تغییر لوگو ورود و سربرگ

change-logo-login

With the help of this plugin, you can change the logo of the WordPress admin section.

10 No CVEs

All In One Favicon

all-in-one-favicon

Easily add a Favicon to your site and the WordPress admin pages. Complete with upload functionality. Supports all three Favicon types (ico,png,gif).

70K 2 CVEs

Favicon Rotator

favicon-rotator

Easily set site favicon and even rotate through multiple icons

20K 1 CVE

WP Favicon Remover

wp-favicon-remover

100

This plugin adds the functionality to remove the WordPress default favicon since WordPress 5.4.

10K No CVEs

Developer Profile

Favicon by RealFaviconGenerator Developer Profile

phbernard

1 plugin · 200K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

1203 days

View full developer profile

Detection Fingerprints

How We Detect Favicon by RealFaviconGenerator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/favicon-by-realfavicongenerator/public/css/site.css/wp-content/plugins/favicon-by-realfavicongenerator/public/js/site.js/wp-content/plugins/favicon-by-realfavicongenerator/admin/assets/css/admin.css

Generator Patterns

Favicon by RealFaviconGenerator

Version Parameters

favicon-by-realfavicongenerator/public/css/site.css?ver=favicon-by-realfavicongenerator/public/js/site.js?ver=favicon-by-realfavicongenerator/admin/assets/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

favicon_settings_pagefbrfg-settings-wrapfavicon_appearance_pagefbrfg-appearance-wrap

HTML Comments

Data Attributes

data-plugin-slug="favicon-by-realfavicongenerator"data-realfavicongenerator-ajax-url

JS Globals

window.FaviconByRealFaviconGeneratorAdmin

REST Endpoints

/wp-json/favicon-by-realfavicongenerator/v1/settings

FAQ