Lucene search
WPScanCVELIST:CVE-2021-24935HistoryDec 06, 2021 - 3:55 p.m.
CVE-2021-24935 WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting
2021-12-0615:55:35
CWE-79
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
30.1%
The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated user) before outputing them in attributes, leading Reflected Cross-Site Scripting issues
CNA Affected
[
{
"product": "WP Google Fonts",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.1.5",
"status": "affected",
"version": "3.1.5",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-24935
2021-12-06 16:15:08
nvd
nvd
CVE-2021-24935
2021-12-06 16:15:08
wpexploit
wpexploit
WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting
2021-11-03 00:00:00
wpvulndb
wpvulndb
WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting
2021-11-03 00:00:00
prion
prion
Cross site scripting
2021-12-06 16:15:00
cnvd
cnvd
WordPress WP Google Fonts plugin cross-site scripting vulnerability
2021-12-09 00:00:00