Ziggurat Farsi Cms Security Vulnerabilities

CVE-2010-4989

SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter.

CVE-2024-1752

The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)