WordPress CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin <= 4.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by luckybuddy in WordPress Plugin cits-support-svg-webp-media-upload versions = 4.2...

EUVD-2023-57772

Malicious code in bioql PyPI...

EUVD-2025-7192

Malicious code in bioql PyPI...

CVE-2025-0807

The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the citssettingstab function. This makes it possible for...

CVE-2024-13768 CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion

The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the citsassignfontstab function. This makes it possible fo...

CVE-2024-13768 CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion

The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the citsassignfontstab function. This makes it possible fo...

CVE-2025-0807 CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update

The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the citssettingstab function. This makes it possible for...

CVE-2025-0807 CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update

The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the citssettingstab function. This makes it possible for...

CVE-2025-0807

CVE-2025-0807 concerns the WordPress plugin “CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts” (versions

WordPress plugin CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts 跨站请求伪造漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin CITS Support svg, webp Media a...

WordPress plugin CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts 跨站请求伪造漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin CITS Support svg, webp Media a...

WordPress cits-support-svg-webp-media-upload plugin <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion vulnerability

Cross-Site Request Forgery to Font Assignment Deletion vulnerability discovered by luckybuddy in WordPress Plugin cits-support-svg-webp-media-upload versions = 4.2...

CVE-2023-5458

The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

Unrestricted file upload

The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

CVE-2023-5458 CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG

The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

CVE-2023-5458

CVE-2023-5458 affects the WordPress plugin CITS Support svg, webp Media and TTF,OTF File Upload, vulnerable versions

PT-2023-32114 · WordPress · Cits Support Svg

Name of the Vulnerable Software and Affected Versions: CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin versions prior to 3.0 Description: The issue concerns the failure to sanitise uploaded SVG files, potentially allowing users with a role as low as Author to upload maliciou...

WordPress cits-support-svg-webp-media-upload Plugin < 3.0 is vulnerable to Cross Site Scripting (XSS)

Software cits-support-svg-webp-media-upload Type Plugin Vulnerable versions 3.0 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5458 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c76219dcef8a Credits Bob Matyas...

CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC As an author, upload an SVG with the payload: View the SVG and see the XSS...

CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. As an author, upload an SVG with the payload: alert"xss"; View the SVG and see the XSS...