41 matches found
CVE-2026-1800 Fonts Manager | Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2025-14351
The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...
CVE-2025-14351
CVE-2025-14351 concerns the WordPress plugin “Custom Fonts – Host Your Fonts Locally.” Wordfence’s vulnerability spotlight confirms a missing capability check in the constructor of the BCF_Google_Fonts_Compatibility class, affecting all versions up to and including 2.1.16. The result is unauthori...
CVE-2025-14351
The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...
EUVD-2023-39778
Malicious code in bioql PyPI...
EUVD-2023-48807
Malicious code in bioql PyPI...
EUVD-2024-40194
Malicious code in bioql PyPI...
EUVD-2024-40193
Malicious code in bioql PyPI...
CVE-2023-44470
Cross-Site Request Forgery CSRF vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin = 1.1 versions...
CVE-2023-35779
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Seed Webs Seed Fonts plugin = 2.3.1 versions...
CVE-2025-31578
CVE-2025-31578 – Fonts Manager | Custom Fonts (WordPress) is a reflected XSS vulnerability due to improper input neutralization during web page generation. Affected product: Fonts Manager | Custom Fonts (Fonts Manager plugin); vulnerable in versions from n/a up to 1.2. The CVE has CVSS v3.1 score...
CVE-2025-31578 WordPress Fonts Manager | Custom Fonts plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts fonts-manager-custom-fonts allows Reflected XSS.This issue affects Fonts Manager | Custom Fonts: from n/a through = 1.2...
CVE-2024-43301
Cross-Site Request Forgery CSRF vulnerability in Fonts Plugin Fonts allows Stored XSS.This issue affects Fonts: from n/a through 3.7.7...
CVE-2024-43302
Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fonts: from n/a through 3.7.7...
CVE-2024-43302
Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fonts: from n/a through 3.7.7...
CVE-2024-43302
Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fonts: from n/a through 3.7.7...
CVE-2024-43302 WordPress Fonts plugin <= 3.7.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fonts: from n/a through 3.7.7...
CVE-2024-43302 WordPress Fonts plugin <= 3.7.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fonts: from n/a through 3.7.7...
PT-2024-30469 · Fonts · Fonts
Name of the Vulnerable Software and Affected Versions: Fonts versions through 3.7.7 Description: The issue is related to a Missing Authorization vulnerability in the Fonts Plugin, which allows exploitation of incorrectly configured access control security levels. Recommendations: For versions...
WordPress plugin Fonts 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...