Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.5 views

CVE-2021-24782

The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6.1AI score0.00598EPSS
Exploits2References1
Circl
Circl
added 2021/12/13 2:22 p.m.10 views

CVE-2021-24782

creationtimestamp| type| source ---|---|--- 2021-12-13 14:22:02+00:00| seen| https://t.me/cibsecurity/33797...

4.8CVSS4.9AI score0.00598EPSS
Exploits2References1
NVD
NVD
added 2021/12/13 11:15 a.m.10 views

CVE-2021-24782

The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00598EPSS
Exploits2References1
CVE
CVE
added 2021/12/13 10:40 a.m.46 views

CVE-2021-24782

CVE-2021-24782 affects the WordPress Flex Local Fonts plugin (versions ≤ 1.0.0). The vulnerability stems from not escaping the Class Name field when a font is added, allowing stored Cross-Site Scripting for users with Admin+ privileges, even with unfiltered_html disallowed. PoCs describe a payloa...

4.8CVSS4.8AI score0.00598EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/12/13 10:40 a.m.15 views

CVE-2021-24782 Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting

The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.1AI score0.00598EPSS
Exploits2References1
Rows per page
Query Builder