Lucene search
K

8 matches found

CNVD
CNVD
added 2021/12/18 12:0 a.m.15 views

WordPress Flex Local Fonts plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Flex Local Fonts plugin is a WordPress open source application plugin. WordPress Flex Local Fonts plugin in version...

4.8CVSS1AI score0.00598EPSS
Exploits2References1
NVD
NVD
added 2021/12/13 11:15 a.m.17 views

CVE-2021-24782

The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00598EPSS
Exploits2References1
Prion
Prion
added 2021/12/13 11:15 a.m.12 views

Cross site scripting

The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.8AI score0.00598EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/12/13 10:40 a.m.20 views

CVE-2021-24782 Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting

The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.1AI score0.00598EPSS
Exploits2References1
CVE
CVE
added 2021/12/13 10:40 a.m.46 views

CVE-2021-24782

CVE-2021-24782 affects the WordPress Flex Local Fonts plugin (versions ≤ 1.0.0). The vulnerability stems from not escaping the Class Name field when a font is added, allowing stored Cross-Site Scripting for users with Admin+ privileges, even with unfiltered_html disallowed. PoCs describe a payloa...

4.8CVSS4.8AI score0.00598EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.5 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Flex Local Fonts plugin is a WordPress open source application plugin. WordPress Flex Local Fonts plugin in version...

4.8CVSS5.6AI score0.00598EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/11/15 12:0 a.m.15 views

Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting

The plugin does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Add a new font Tools -- Local Fonts -- Add Font, need to have at least one font for the 'A...

4.8CVSS4.7AI score0.00598EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2021/11/15 12:0 a.m.14 views

WordPress Flex Local Fonts plugin <= 1.0.0 - Stored Cross-Site-Scripting (XSS) vulnerability

Stored Cross-Site-Scripting XSS vulnerability discovered by Vishal Mohan in WordPress Flex Local Fonts plugin versions = 1.0.0. Solution Deactivate and delete. This plugin has been closed as of September 23, 2021 and is not available for download. This closure is temporary, pending a full review...

4.8CVSS2.5AI score0.00598EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder