7 matches found

Cvelist
added 2026/03/21 3:26 a.m., 22 views

CVE-2026-1800 Fonts Manager | Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter

The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS 7.5, EPSS 0.00112
Exploits 0, References 5
RedhatCVE
added 2026/01/21 4:22 a.m., 4 views

CVE-2025-14351

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...

CVSS 5.3, AI score 5.5, EPSS 0.00128
Exploits 0, References 1
CVE
added 2026/01/20 3:25 a.m., 11 views

CVE-2025-14351

CVE-2025-14351 concerns the WordPress plugin “Custom Fonts – Host Your Fonts Locally.” Wordfence’s vulnerability spotlight confirms a missing capability check in the constructor of the BCF_Google_Fonts_Compatibility class, affecting all versions up to and including 2.1.16. The result is unauthori...

CVSS 5.3, AI score 5.5, EPSS 0.00128
Exploits 0, References 3
ATTACKERKB
added 2026/01/20 3:25 a.m., 2 views

CVE-2025-14351

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...

CVSS 5.3, AI score 5.4, EPSS 0.00128
Exploits 0, References 4
CVE
added 2025/04/01 8:58 p.m., 45 views

CVE-2025-31578

CVE-2025-31578 – Fonts Manager | Custom Fonts (WordPress) is a reflected XSS vulnerability due to improper input neutralization during web page generation. Affected product: Fonts Manager | Custom Fonts (Fonts Manager plugin); vulnerable in versions from n/a up to 1.2. The CVE has CVSS v3.1 score...

CVSS 7.1, AI score 7.2, EPSS 0.00257
Exploits 0, References 1
Vulnrichment
added 2025/04/01 8:58 p.m., 3 views

CVE-2025-31578 WordPress Fonts Manager | Custom Fonts plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts fonts-manager-custom-fonts allows Reflected XSS. This issue affects Fonts Manager | Custom Fonts: from n/a through <= 1.2...

CVSS 7.1, AI score 7.2, EPSS 0.00257
Exploits 0, References 1
Patchstack
added 2023/03/03 12:0 a.m., 6 views

WordPress Elegant Custom Fonts Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Elegant Custom Fonts; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: 1.0.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27436; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: e6a5548377b4; Credits: Rio Darmawan...

CVSS 8.8, AI score 6.6, EPSS 0.00051
Exploits 0, References 2, Affected Software 1