Lucene search
K

62 matches found

NVD
NVD
added 6 days ago17 views

CVE-2026-15158

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS0.00995EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42549

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS6.6AI score0.00995EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-15158

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS6.6AI score0.00995EPSS
Exploits0References4
CVE
CVE
added 6 days ago20 views

CVE-2026-15158

Blocksy Companion

9.8CVSS6.6AI score0.00995EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56760

Name of the Vulnerable Software and Affected Versions Blocksy Companion versions prior to 2.1.47 Description The Blocksy Companion plugin for WordPress allows unauthenticated arbitrary file upload through the save attachments function. The issue occurs because the Custom Fonts extension uses a wp...

9.8CVSS6.3AI score0.00995EPSS
Exploits0References8
NVD
NVD
added 2026/07/08 2:17 p.m.12 views

CVE-2026-58480

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS0.00605EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/08 1:5 p.m.5 views

EUVD-2026-42233

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS6.4AI score0.00605EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56414

Name of the Vulnerable Software and Affected Versions Blocksy Companion Pro plugin for WordPress versions prior to 2.1.47 Description An unauthenticated arbitrary file upload issue exists within the Advanced Reviews feature. The save attachments function fails to properly validate file extensions...

9.8CVSS6.3AI score0.00605EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.5 views

CVE-2026-1800

The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

7.5CVSS5.9AI score0.00384EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 6:54 p.m.12 views

WordPress Fonts Manager | Custom Fonts plugin <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability

Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Fonts Manager | Custom Fonts versions = 1.2...

7.5CVSS5.9AI score0.00384EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/21 6:30 a.m.5 views

EUVD-2026-14011

The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

7.5CVSS5.9AI score0.00384EPSS
Exploits0References6
NVD
NVD
added 2026/03/21 4:16 a.m.5 views

CVE-2026-1800

The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

7.5CVSS0.00384EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.3 views

CVE-2026-1800 Fonts Manager | Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter

The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

7.5CVSS5.9AI score0.00384EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.27 views

CVE-2026-1800 Fonts Manager | Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter

The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

7.5CVSS0.00384EPSS
Exploits0References5
CVE
CVE
added 2026/03/21 3:26 a.m.16 views

CVE-2026-1800

The CVE-2026-1800 entry concerns The Fonts Manager | Custom Fonts plugin for WordPress. A time-based SQL Injection affects all versions up to 1.2 via the fmcfIdSelectedFnt parameter, caused by insufficient escaping of user input and lack of proper SQL query preparation. This allows unauthenticate...

7.5CVSS5.9AI score0.00384EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.15 views

PT-2026-26815

The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

7.5CVSS5.9AI score0.00384EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.11 views

WordPress plugin Fonts Manager | Custom Fonts SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.9AI score0.00384EPSS
Exploits0References5
Malwarebytes
Malwarebytes
added 2026/03/18 5:16 p.m.12 views

Researchers found font-rendering trick to hide malicious commands

Researchers have published a proof-of-concept PoC that uses custom fonts to fool many popular Artificial Intelligence AI assistants, including ChatGPT, Claude, Copilot, Gemini, Leo, Grok, Perplexity, Sigma, Dia, Fellou, and Genspark. Imagine a book where the visible text is harmless, but hidden...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2026-12295

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font...

5.1CVSS5.8AI score0.0011EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 4:31 a.m.35 views

CVE-2026-20989

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font...

5.1CVSS0.0011EPSS
Exploits0References1
Rows per page
Query Builder