8 matches found
WordPress Flex Local Fonts plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Flex Local Fonts plugin is a WordPress open source application plugin. WordPress Flex Local Fonts plugin in version...
CVE-2021-24782
The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24782 Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting
The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24782
CVE-2021-24782 affects the WordPress Flex Local Fonts plugin (versions ≤ 1.0.0). The vulnerability stems from not escaping the Class Name field when a font is added, allowing stored Cross-Site Scripting for users with Admin+ privileges, even with unfiltered_html disallowed. PoCs describe a payloa...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Flex Local Fonts plugin is a WordPress open source application plugin. WordPress Flex Local Fonts plugin in version...
Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting
The plugin does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Add a new font Tools -- Local Fonts -- Add Font, need to have at least one font for the 'A...
WordPress Flex Local Fonts plugin <= 1.0.0 - Stored Cross-Site-Scripting (XSS) vulnerability
Stored Cross-Site-Scripting XSS vulnerability discovered by Vishal Mohan in WordPress Flex Local Fonts plugin versions = 1.0.0. Solution Deactivate and delete. This plugin has been closed as of September 23, 2021 and is not available for download. This closure is temporary, pending a full review...