2 matches found
CVE-2021-24637 Fonts Plugin < 3.0.3 - Contributor+ Stored Cross-Site Scripting
The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType combined with content, align, color, variant and fontID argument of a...
CVE-2021-24637
CVE-2021-24637 concerns the WordPress Google Fonts Typography plugin, affected versions before 3.0.3. The vulnerability arises from insufficient escaping and sanitization of certain Gutenberg block settings, enabling Stored Cross-Site Scripting via multiple block parameters (blockType, content, a...