6 matches found
VulnCheck KEV: CVE-2022-4447
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2022-4447
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
SQL injection
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2022-4447 Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
PT-2023-14491 · WordPress · Fontsy
Name of the Vulnerable Software and Affected Versions: Fontsy WordPress plugin versions prior to 1.8.7
Description: The issue arises from improper sanitization and escaping of a parameter in a SQL statement, which is accessible via an AJAX action to unauthenticated users, leading to SQL injection...
Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
PoC:
curl -i 'http://example.com/wp-admin/admin-ajax.php?action=getfonts' \
  --data 'id=1 AND SELECT 1 FROM...