CVE-2021-24977

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the...

PT-2022-9543 · WordPress · Use Any Font | Custom Font Uploader

Name of the Vulnerable Software and Affected Versions: Use Any Font | Custom Font Uploader WordPress plugin versions prior to 6.2.1 Description: The issue allows unauthenticated users to send arbitrary CSS, which will be processed by the frontend for all users. This is due to the lack of...