Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24935
HistoryDec 06, 2021 - 3:55 p.m.

CVE-2021-24935 WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting

2021-12-0615:55:35
CWE-79
WPScan
www.cve.org

0.001 Low

EPSS

Percentile

30.0%

The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated user) before outputing them in attributes, leading Reflected Cross-Site Scripting issues

CNA Affected

[
  {
    "product": "WP Google Fonts",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.1.5",
        "status": "affected",
        "version": "3.1.5",
        "versionType": "custom"
      }
    ]
  }
]

0.001 Low

EPSS

Percentile

30.0%

Related for CVELIST:CVE-2021-24935