2 matches found
CVE-2021-24977 Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending
The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the...
CVE-2021-24977
The CVE relates to the WordPress plugin Use Any Font | Custom Font Uploader, versions prior to 6.2.1. The root cause is missing authorization checks when assigning a font, which allows unauthenticated users to append arbitrary CSS that the frontend processes for all users. In addition, insufficie...