[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fF7kClhedLHSkmEfHQpb9jBSdfLxptw6kFQgdqEbSRZ0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":47,"crawl_stats":36,"alternatives":55,"analysis":148,"fingerprints":187},"site-favicon","Site Favicon","1.0","Web Guy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebguyio\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Fsupport\" rel=\"nofollow ugc\">💬 Ask Question\u003C\u002Fa> | \u003Ca href=\"mailto:webguywork@gmail.com\" rel=\"nofollow ugc\">📧 Email Me\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Add a favicon.\u003C\u002Fp>\n\u003Cp>Set the favicon URL under \u003Cem>Appearance > Customize > Site Identity > Site Favicon\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>\u003Cem>This plugin is especially useful if you’d like to set a Site Icon, but also need to set a unique favicon separate from it.\u003C\u002Fem>\u003C\u002Fp>\n","Add a favicon.",5000,29658,76,4,"2026-01-21T13:43:00.000Z","6.8.5","5.0","",[20,21,22,23],"favicon","favorites-icon","icon","site-icon","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsite-favicon.zip",99,1,0,"2024-05-30 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2024-35642","site-favicon-authenticated-admin-stored-cross-site-scripting","Site Favicon \u003C= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting","The Site Favicon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=0.2","0.3","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-06-05 14:24:41",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0008b460-0c28-4e72-9c87-eda91989e39a?source=api-prod",7,{"slug":48,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":52,"trust_score":53,"computed_at":54},"webguyio",30,52370,100,629,79,"2026-04-04T05:39:38.932Z",[56,74,93,111,125],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":11,"downloaded":64,"rating":51,"num_ratings":65,"last_updated":66,"tested_up_to":16,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":72,"download_link":73,"security_score":51,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"custom-favicon","Custom Favicon – Easily Add a Favicon in WordPress","1.1.0","Harish Chouhan","https:\u002F\u002Fprofiles.wordpress.org\u002Fhchouhan\u002F","\u003Cp>\u003Cstrong>Custom Favicon\u003C\u002Fstrong> lets you upload and manage favicons for your WordPress website, admin area, and login screen using the native media uploader. Unlike the built-in Site Icon feature, this plugin gives you full control — including support for separate frontend and backend icons, Apple touch icons, dark mode icons, and SVG format.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features include:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Upload custom favicon for frontend (browser tab icon)\u003Cbr \u002F>\n– Upload separate favicon for WordPress Dashboard and login page\u003Cbr \u002F>\n– Upload Apple touch icons for iOS devices\u003Cbr \u002F>\n– Upload dark mode specific favicon\u003Cbr \u002F>\n– SVG favicon support\u003Cbr \u002F>\n– Option to disable default WordPress Site Icon output\u003Cbr \u002F>\n– Clean and simple settings page under \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Custom Favicon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is useful for:\u003Cbr \u002F>\n– Replacing the default WordPress favicon\u003Cbr \u002F>\n– Branding the WordPress dashboard for clients\u003Cbr \u002F>\n– Adding modern favicon features with minimal setup\u003C\u002Fp>\n\u003Cp>Official plugin page: \u003Ca href=\"https:\u002F\u002Fthemeist.com\u002Fplugins\u002Fwordpress\u002Fcustom-favicon\u002F\" rel=\"nofollow ugc\">Custom Favicon on Themeist\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Need help? Ask in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcustom-favicon\u002F\" rel=\"ugc\">Support Forum on WordPress.org\u003C\u002Fa>\u003C\u002Fp>\n","Easily add a custom favicon and Apple touch icon to your WordPress site, including support for dark mode, SVG icons, and admin dashboard branding.",92569,17,"2025-07-25T13:43:00.000Z","6.0","7.4",[70,20,22,23,71],"dark-mode","svg-icon","https:\u002F\u002Fthemeist.com\u002Fplugins\u002Fwordpress\u002Fcustom-favicon\u002F#utm_source=wp-plugin&utm_medium=i-recommend-this&utm_campaign=plugins-page","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-favicon.1.1.0.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":51,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":18,"tags":88,"homepage":90,"download_link":91,"security_score":92,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"remove-site-icon","Remove Site Icon","1","amit5204","https:\u002F\u002Fprofiles.wordpress.org\u002Famit5204\u002F","\u003Cp>This plugin will remove site icon\u002Ffavicon from frontend and admin.\u003C\u002Fp>\n","This plugin will remove site icon\u002Ffavicon from frontend and admin.",80,2412,2,"2022-12-13T16:12:00.000Z","6.1.10","4.9.6",[89,75],"remove-favicon","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fremove-site-icon\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-site-icon.zip",85,{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":51,"num_ratings":84,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":18,"tags":106,"homepage":109,"download_link":110,"security_score":92,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"vanilla-bean-icon-setter","Vanilla Bean – Icon Setter","2.81","vsmash","https:\u002F\u002Fprofiles.wordpress.org\u002Fvsmash\u002F","\u003Cp>Icon Setter (Iconifier) is a simple set-site-icon plugin for all devices.\u003C\u002Fp>\n\u003Cp>Simply visit settings in admin, upload or choose your logo from the media\u003Cbr \u002F>\nlibrary and it will set:\u003Cbr \u002F>\n*   All Apple device icons and tiles\u003Cbr \u002F>\n*   All windows device icons and tiles\u003Cbr \u002F>\n*   All Android and smartphone device icons and tiles\u003Cbr \u002F>\n*   ALl desktop website icons\u003C\u002Fp>\n\u003Cp>Designed to solve your wordpress website branding setup in moments without\u003Cbr \u002F>\ndependency on themes or jetpack.\u003C\u002Fp>\n\u003Cp>Vanilla Beans are published separately so that you can choose your beans to suit\u003Cbr \u002F>\nyour needs.\u003C\u002Fp>\n\u003Cp>See your Vanilla Bean page in admin for other beans available.\u003C\u002Fp>\n\u003Cp>Tested with php v5.4 to v7.4\u003Cbr \u002F>\nPHP v5.5+ supports cropping of Microsoft wide tile image version.\u003C\u002Fp>\n","Icon Setter (Iconifier) is a simple set-site-icon plugin for all devices.",20,3935,"2020-07-21T03:25:00.000Z","5.4.19","4.0",[107,20,22,108,23],"branding","iconify","http:\u002F\u002Fwww.velvary.com.au\u002Fvanilla-beans\u002Fwordpress\u002FIconifier\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvanilla-bean-icon-setter.2.81.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":27,"downloaded":119,"rating":27,"num_ratings":27,"last_updated":18,"tested_up_to":120,"requires_at_least":67,"requires_php":68,"tags":121,"homepage":18,"download_link":123,"security_score":51,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":124},"huntsman-dark-mode-site-icon","Huntsman Dark Mode Site Icon","1.0.0","Josh Hunt","https:\u002F\u002Fprofiles.wordpress.org\u002Fhuntsmanmedia\u002F","\u003Cp>Huntsman Dark Mode Site Icon allows you to set a separate site icon for light and dark mode.\u003C\u002Fp>\n\u003Cp>Upload one icon for light mode using WordPress’s built-in Site Icon, and upload a separate icon for dark mode using this plugin. The appropriate icon is then displayed automatically based on the visitor’s system theme.\u003C\u002Fp>\n\u003Cp>No code or configuration is required. If no dark mode icon is set, WordPress behaves exactly as normal.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Separate site icons for light mode and dark mode\u003C\u002Fli>\n\u003Cli>Simple upload interface in the WordPress admin\u003C\u002Fli>\n\u003Cli>Works on the frontend, admin area, and login screen\u003C\u002Fli>\n\u003Cli>Optional enable\u002Fdisable toggle\u003C\u002Fli>\n\u003Cli>Does not replace or override the core WordPress Site Icon\u003C\u002Fli>\n\u003Cli>Accessable via the WP API\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Site Icon (WordPress)\u003C\u002Fstrong>\u003Cbr \u002F>\nThis is the default WordPress Site Icon and is still managed by WordPress.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Dark Mode Site Icon\u003C\u002Fstrong>\u003Cbr \u002F>\nThis icon is only used when the user’s system is in dark mode and the browser supports \u003Ccode>prefers-color-scheme\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If the Dark Mode Site Icon is not set, the plugin does nothing and WordPress behaves normally.\u003C\u002Fp>\n\u003Ch3>REST API\u003C\u002Fh3>\n\u003Cp>The plugin exposes a public REST endpoint for accessing the Dark Mode Site Icon:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fwp-json\u002Fhdmsi\u002Fv1\u002Ficons\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Example response:\u003Cbr \u002F>\n{\u003Cbr \u002F>\n“enabled”: true,\u003Cbr \u002F>\n“dark”: {\u003Cbr \u002F>\n“id”: 123,\u003Cbr \u002F>\n“url”: “https:\u002F\u002Fexample.com\u002Ficon-dark.png”\u003Cbr \u002F>\n}\u003Cbr \u002F>\n}\u003Cbr \u002F>\nA dark-mode Web App Manifest is also available at:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fwp-json\u002Fhdmsi\u002Fv1\u002Fmanifest?mode=dark\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Set separate site icons for light and dark mode based on the visitor’s system theme.",101,"6.9.4",[70,20,122,23],"prefers-color-scheme","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhuntsman-dark-mode-site-icon.zip","2026-03-15T10:48:56.248Z",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":135,"num_ratings":136,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":18,"tags":140,"homepage":144,"download_link":145,"security_score":146,"vuln_count":14,"unpatched_count":27,"last_vuln_date":147,"fetched_at":29},"favicon-by-realfavicongenerator","Favicon by RealFaviconGenerator","1.3.46","phbernard","https:\u002F\u002Fprofiles.wordpress.org\u002Fphbernard\u002F","\u003Cp>Generate and setup a favicon for desktop browsers, iPhone\u002FiPad, Android devices, Windows 8 tablets and more. In a matter of seconds, design an icon that looks great on all major platforms.\u003C\u002Fp>\n\u003Cp>Favicon is not just a single \u003Ccode>favicon.ico\u003C\u002Fcode> file dropped in the middle of your site. Nowadays, with so many different platforms and devices, you need a bunch of pictures to get the job done. With RealFaviconGenerator, generate all the icons you need for desktop browsers, iPhone\u002FiPad, Android devices, Windows 8 devices, and more.\u003C\u002Fp>\n\u003Cp>iOS devices use a high resolution Apple touch icon to illustrate bookmarks and home screen shortcuts. A first generation iPhone needs a 57×57 picture, whereas a brand new iPad with Retina screen looks for a 152×152 picture. Android Chrome also use these pictures if it finds them. Windows 8 takes another route with a dedicated set of icons and HTML declarations.\u003C\u002Fp>\n\u003Cp>Favicon is not only a matter of pictures with different resolutions. The various platforms coms with different UI guidelines. For example, the classic desktop favicons often use transparency. But iOS requires opaque icons. And Windows 8 has its own recommendations.\u003C\u002Fp>\n\u003Cp>Save hours of research and image edition with RealFaviconGenerator and its companion plugin. In a matter of seconds, you setup a favicon compatible with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Windows (IE, Chrome, Firefox, Opera, Safari)\u003C\u002Fli>\n\u003Cli>Mac (Safari, Chrome, Firefox, Opera, Camino)\u003C\u002Fli>\n\u003Cli>iOS (Safari, Chrome, Coast)\u003C\u002Fli>\n\u003Cli>Android (Chrome, Firefox)\u003C\u002Fli>\n\u003Cli>Surface (IE)\u003C\u002Fli>\n\u003Cli>And more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We take compatibility very seriously. See http:\u002F\u002Frealfavicongenerator.net\u002Ffavicon_compatibility for the full list.\u003C\u002Fp>\n\u003Cp>This plugin relies on \u003Ca href=\"http:\u002F\u002Frealfavicongenerator.net\" rel=\"nofollow ugc\">RealFaviconGenerator\u003C\u002Fa> when you create your favicon. Browse its \u003Ca href=\"https:\u002F\u002Frealfavicongenerator.net\u002Fterms_of_service\" rel=\"nofollow ugc\">terms of service\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Frealfavicongenerator.net\u002Fprivacy_policy\" rel=\"nofollow ugc\">privacy policy\u003C\u002Fa> for additional information.\u003C\u002Fp>\n\u003Ch3>Localization\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English (\u003Ccode>en_EN\u003C\u002Fcode>) by \u003Ca href=\"http:\u002F\u002Frealfavicongenerator.net\u002F\" rel=\"nofollow ugc\">Philippe Bernard\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>French (\u003Ccode>fr_FR\u003C\u002Fcode>) by \u003Ca href=\"http:\u002F\u002Frealfavicongenerator.net\u002F\" rel=\"nofollow ugc\">Philippe Bernard\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Swedish (\u003Ccode>sv_SE\u003C\u002Fcode>) by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fwileryd\" rel=\"nofollow ugc\">Linus Wileryd\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Brazilian Portuguese (\u003Ccode>pt_BR\u003C\u002Fcode>) by Marcelo Volgarini, \u003Ca href=\"http:\u002F\u002Fwww.techload.com.br\u002Fcriacao-de-sites-ribeirao-preto\" rel=\"nofollow ugc\">Criação de Sites\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Dutch (\u003Ccode>nl_NL\u003C\u002Fcode>) by \u003Ca href=\"https:\u002F\u002Feco13.eu\" rel=\"nofollow ugc\">Axel Vanderhaeghen\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Danish (\u003Ccode>da_DK\u003C\u002Fcode>) by \u003Ca href=\"http:\u002F\u002Falexanderleohansen.dk\u002F\" rel=\"nofollow ugc\">Alexander Leo-Hansen\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Czech (\u003Ccode>cs_CZ\u003C\u002Fcode>) by an anonymous translator\u003C\u002Fli>\n\u003Cli>Polish (\u003Ccode>pl_PL\u003C\u002Fcode>) by \u003Ca href=\"http:\u002F\u002Fmaciej-gryniuk.tk\u002F\" rel=\"nofollow ugc\">Maciej Gryniuk\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Russian (\u003Ccode>ru_RU\u003C\u002Fcode>) by Natasha Diatko, \u003Ca href=\"https:\u002F\u002Fwww.ustarcash.com\" rel=\"nofollow ugc\">UStarCash\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Indonesian (\u003Ccode>id_ID\u003C\u002Fcode>) by \u003Ca href=\"https:\u002F\u002Fwww.chameleonjohn.com\u002F\" rel=\"nofollow ugc\">Jordan Silaen\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fcoderisk.com\u002Fwp\u002Fplugin\u002Ffavicon-by-realfavicongenerator\u002FRIPS-TVYsdQTMAr\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","Create and install your favicon for all platforms: PC\u002FMac, iPhone\u002FiPad, Android devices, Windows 8 tablets...",200000,5216829,98,800,"2026-03-02T16:20:00.000Z","7.0","3.5",[141,20,22,142,143],"apple-touch-icon","iphone","logo","http:\u002F\u002Frealfavicongenerator.net\u002Fextensions\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffavicon-by-realfavicongenerator.1.3.46.zip",96,"2024-04-10 00:00:00",{"attackSurface":149,"codeSignals":165,"taintFlows":172,"riskAssessment":173,"analyzedAt":186},{"hooks":150,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":164,"entryPointCount":27,"unprotectedCount":27},[151,157],{"type":152,"name":153,"callback":154,"priority":51,"file":155,"line":156},"action","wp_head","sitefavicon_add_custom","site-favicon.php",19,{"type":152,"name":158,"callback":159,"file":155,"line":160},"customize_register","sitefavicon_customizer_setting",27,[],[],[],[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":169,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":171},[],{"prepared":27,"raw":27,"locations":168},[],{"escaped":26,"rawEcho":27,"locations":170},[],[],[],{"summary":174,"deductions":175},"The \"site-favicon\" v1.0 plugin exhibits a generally good security posture based on the static analysis provided. The absence of any identified dangerous functions, SQL queries not using prepared statements, unescaped output, file operations, external HTTP requests, and the lack of a significant attack surface (entry points) are all positive indicators. The taint analysis also shows no concerning flows, suggesting the code is not immediately vulnerable to common injection attacks through its analyzed paths.\n\nHowever, the plugin's history is a significant concern. With one known CVE, specifically a Cross-site Scripting (XSS) vulnerability, that was recently patched, it indicates a past weakness. While currently unpatched vulnerabilities are zero, the existence of past XSS issues, even if resolved, suggests potential for similar vulnerabilities to reappear if not thoroughly re-audited. The lack of capability checks and nonce checks in the static analysis, while not a direct problem given the zero entry points, means that if any entry points were to be introduced in future versions, they might lack fundamental security measures.\n\nIn conclusion, the current version of \"site-favicon\" appears to be secure based on the static code review. The primary risk stems from its vulnerability history, particularly the past XSS issue. While the current implementation seems robust, diligent ongoing security review and testing for future versions are highly recommended to prevent recurrence of past vulnerabilities.",[176,179,181,184],{"reason":177,"points":178},"Vulnerability history: 1 medium CVE",8,{"reason":180,"points":46},"Past XSS vulnerability",{"reason":182,"points":183},"No capability checks",3,{"reason":185,"points":183},"No nonce checks","2026-03-16T18:07:07.540Z",{"wat":188,"direct":194},{"assetPaths":189,"generatorPatterns":191,"scriptPaths":192,"versionParams":193},[190],"\u002Fwp-content\u002Fplugins\u002Fsite-favicon\u002Fsite-favicon.php",[],[],[],{"cssClasses":195,"htmlComments":196,"htmlAttributes":197,"restEndpoints":198,"jsGlobals":199,"shortcodeOutput":200},[],[],[],[],[],[]]