CVE-2023-7167

🗓️ 27 Feb 2024 08:30:24Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 4179 Views🌐 WEB

The Persian Fonts WP plugin v1.6 allows stored XSS attacks by high-privilege users

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2023-7167	27 Feb 202410:26	–	circl
CNNVD	WordPress plugin Persian Fonts security vulnerability	27 Feb 202400:00	–	cnnvd
Cvelist	CVE-2023-7167 Persian Fonts <= 1.6 - Admin+ Stored XSS	27 Feb 202408:30	–	cvelist
NVD	CVE-2023-7167	27 Feb 202409:15	–	nvd
Patchstack	WordPress Persian Fonts Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)	31 Jan 202400:00	–	patchstack
Prion	Cross site scripting	27 Feb 202409:15	–	prion
Positive Technologies	PT-2024-15219 · WordPress · Persian Fonts Wordpress Plugin	27 Feb 202400:00	–	ptsecurity
Vulnrichment	CVE-2023-7167 Persian Fonts <= 1.6 - Admin+ Stored XSS	27 Feb 202408:30	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024)	8 Feb 202414:49	–	wordfence
wpexploit	Persian Fonts <= 1.6 - Admin+ Stored XSS	30 Jan 202400:00	–	wpexploit

NVD

Vulners

Vulnrichment

Node

danialhatami persian_fontsRange≤1.6wordpress

[
  {
    "vendor": "Unknown",
    "product": "Persian Fonts",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.6"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/6a2eb871-6b6e-4dbb-99f0-dd74d6c61e83/

Parameter	Position	Path	Description	CWE
textarea	request body	wp-admin/admin.php?page=persian-fonts%2Fpersian-fonts.php	Stored Cross-Site Scripting (XSS) vulnerability via unsanitized settings in Persian Fonts WordPress plugin (up to version 1.6) allowing admin-level privilege to inject script payload.	CWE-79

01 May 2025 14:45Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.16.1

EPSS0.00257

SSVC

CWE-79