22 matches found
CVE-2026-1800
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
WordPress Fonts Manager | Custom Fonts plugin <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability
Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Fonts Manager | Custom Fonts versions = 1.2...
EUVD-2026-14011
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2026-1800
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2026-1800
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2026-1800 Fonts Manager | Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2026-1800 Fonts Manager | Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2026-1800
The CVE-2026-1800 entry concerns The Fonts Manager | Custom Fonts plugin for WordPress. A time-based SQL Injection affects all versions up to 1.2 via the fmcfIdSelectedFnt parameter, caused by insufficient escaping of user input and lack of proper SQL query preparation. This allows unauthenticate...
PT-2026-26815
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
WordPress plugin Fonts Manager | Custom Fonts SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
EUVD-2025-9462
Malicious code in bioql PyPI...
CVE-2025-31578
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts fonts-manager-custom-fonts allows Reflected XSS.This issue affects Fonts Manager | Custom Fonts: from n/a through = 1.2...
CVE-2025-31578
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts fonts-manager-custom-fonts allows Reflected XSS.This issue affects Fonts Manager | Custom Fonts: from n/a through = 1.2...
CVE-2025-31578 WordPress Fonts Manager | Custom Fonts plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts fonts-manager-custom-fonts allows Reflected XSS.This issue affects Fonts Manager | Custom Fonts: from n/a through = 1.2...
CVE-2025-31578
CVE-2025-31578 – Fonts Manager | Custom Fonts (WordPress) is a reflected XSS vulnerability due to improper input neutralization during web page generation. Affected product: Fonts Manager | Custom Fonts (Fonts Manager plugin); vulnerable in versions from n/a up to 1.2. The CVE has CVSS v3.1 score...
CVE-2025-31578 WordPress Fonts Manager | Custom Fonts plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts fonts-manager-custom-fonts allows Reflected XSS.This issue affects Fonts Manager | Custom Fonts: from n/a through = 1.2...
PT-2025-14432 · Wisdomlogix Solutions Pvt. · Fonts Manager | Custom Fonts
Name of the Vulnerable Software and Affected Versions: Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts versions 1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for...
WordPress plugin Fonts Manager | Custom Fonts 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2024-8920
The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-8920 Fonto – Custom Web Fonts Manager <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...