14 matches found
WordPress Fontsy <=1.8.6 - SQL Injection
WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative...
CVE-2022-4447
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
VulnCheck KEV: CVE-2022-4447
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2022-4447
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2022-4447
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
SQL injection
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2022-4447 Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2022-4447 Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2022-4447
Summary (CVE-2022-4447): The Fontsy WordPress plugin up to version 1.8.6 is vulnerable to an SQL injection via an unauthenticated AJAX action due to improper sanitization/escaping of a parameter. Consequences described across connected sources include potential data leakage, data modification, an...
PT-2023-14491 · WordPress · Fontsy
Name of the Vulnerable Software and Affected Versions: Fontsy WordPress plugin versions prior to 1.8.7. Description: The issue arises from improper sanitization and escaping of a parameter in a SQL statement, which is accessible via an AJAX action to unauthenticated users, leading to SQL injection...
WordPress plugin Fontsy SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...
Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. curl -i 'http://example.com/wp-admin/admin-ajax.php?action=getfonts' \ --data 'id=1 AND SELECT 1 FROM SELECTSLEEP5hewu...
Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. PoC curl -i 'http://example.com/wp-admin/admin-ajax.php?action=getfonts' \ --data 'id=1 AND SELECT 1 FROM...
Fontsy: Cool fonts for Kik - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Fontsy: Cool fonts for Kik published at the 'play' market has multiple vulnerabilities...