CVE-2025-31827 WordPress Fonto plugin <= 1.2.2 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vlad.olaru Fonto fonto allows Path Traversal.This issue affects Fonto: from n/a through = 1.2.2...

CVE-2025-31827 WordPress Fonto plugin <= 1.2.2 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vlad.olaru Fonto allows Path Traversal. This issue affects Fonto: from n/a through 1.2.2...

PT-2024-39321 · WordPress · Fonto

Name of the Vulnerable Software and Affected Versions: Fonto – Custom Web Fonts Manager plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This...

WordPress plugin Fonto 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

WordPress Fonto Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Fonto Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8920 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 47d52cbd2788 Credits Francesco Carlucci Required...