11 matches found
CVE-2025-62980
CVE-2025-62980 is a Missing Authorization (broken access control) vulnerability in the WordPress plugin Persian Admnin Fonts, affecting versions up to and including 4.1.03. The connected sources indicate an unauthorized access risk due to misconfigured access control. Patch status is not publicly...
CVE-2023-7167
The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-7167
The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-7167 Persian Fonts <= 1.6 - Admin+ Stored XSS
The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-7167
CVE-2023-7167 affects the Persian Fonts WordPress plugin (versions
CVE-2023-7167 Persian Fonts <= 1.6 - Admin+ Stored XSS
The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin Persian Fonts security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...
WordPress Persian Fonts Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Software Persian Fonts Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7167 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b65b31e5f72a Credits Bob Matyas Required privilege...
Persian Fonts <= 1.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Navigate to:...
Persian Fonts <= 1.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Navigate to:...