CVE-2026-3535 DSGVO Google Web Fonts GDPR <= 1.1 - Unauthenticated Arbitrary File Upload via 'fonturl' Parameter

The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the DSGVOGWPdownloadGoogleFonts function in all versions up to, and including, 1.1. The function is exposed via a wpajaxnopriv hook, requiring no authentication. It...

EUVD-2021-11933

Malware in sbrugna...

EUVD-2021-11549

Malware in sbrugna...

EUVD-2021-11847

Malware in sbrugna...

EUVD-2023-58106

Malicious code in bioql PyPI...

EUVD-2024-34506

Malicious code in bioql PyPI...

EUVD-2024-24433

Malicious code in bioql PyPI...

EUVD-2023-38280

Malicious code in bioql PyPI...

CVE-2024-33925

Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0...

CVE-2023-5823

Cross-Site Request Forgery CSRF vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin = 2.2.11 versions...

CVE-2021-24935

The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefontajaxname and googlefontajaxfamily parameter of the googlefontaction AJAx action available to any authenticated user before outputing them in attributes, leading Reflected Cross-Site Scripting issues...

CVE-2021-24637

The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType combined with content, align, color, variant and fontID argument of a...

CVE-2024-27194

Cross-Site Request Forgery CSRF vulnerability in Andrei Ivasiuc Fontific | Google Fonts allows Stored XSS.This issue affects Fontific | Google Fonts: from n/a through 0.1.6...

MAL-2025-834 Malicious code in google-fonts-to-wordpress-collection (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in google-fonts-to-wordpress-collection (npm)

--- -= Per source details. Do not edit below this line.=-...

Embed Google Fonts <= 3.1.0 - Missing Authorization

Description The Embed Google Fonts plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

CVE-2024-33925

Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0...

CVE-2024-33925

The CVE-2024-33925 entry concerns the Embed Google Fonts plugin for WordPress. The Red Hat and Wordfence records concur a Missing Authorization vulnerability affecting Embed Google Fonts up to version 3.1.0, with a base CVSS v3.1 score of 4.3 (Medium). Root cause: missing/insufficient authorizati...

CVE-2024-33925 WordPress Embed Google Fonts plugin <= 3.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0...

WordPress plugin Embed Google Fonts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...