WordPress Font Farsi plugin <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by emad in WordPress Plugin Font Farsi versions = 1.6.6...

PT-2024-18276 · WordPress · Font Farsi

Name of the Vulnerable Software and Affected Versions: Font Farsi WordPress plugin versions 1.6.6 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in...