14 matches found
WordPress Fontsy <=1.8.6 - SQL Injection
WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative...
CVE-2022-4447
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
VulnCheck KEV: CVE-2022-4447
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2022-4447
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2022-4447
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
SQL injection
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2022-4447 Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2022-4447 Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2022-4447
Summary (CVE-2022-4447): The Fontsy WordPress plugin up to version 1.8.6 is vulnerable to an SQL injection via an unauthenticated AJAX action due to improper sanitization/escaping of a parameter. Consequences described across connected sources include potential data leakage, data modification, an...
WordPress plugin Fontsy SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...
PT-2023-14491 · WordPress · Fontsy
Name of the Vulnerable Software and Affected Versions: Fontsy WordPress plugin versions prior to 1.8.7. Description: The issue arises from improper sanitization and escaping of a parameter in a SQL statement, which is accessible via an AJAX action to unauthenticated users, leading to SQL injection...
Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. PoC curl -i 'http://example.com/wp-admin/admin-ajax.php?action=getfonts' \ --data 'id=1 AND SELECT 1 FROM...
Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. curl -i 'http://example.com/wp-admin/admin-ajax.php?action=getfonts' \ --data 'id=1 AND SELECT 1 FROM SELECTSLEEP5hewu...
Fontsy: Cool fonts for Kik - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Fontsy: Cool fonts for Kik published at the 'play' market has multiple vulnerabilities...