CVE-2026-3535

The CVE concerns the DSGVO Google Web Fonts GDPR WordPress plugin. All versions up to 1.1 are vulnerable due to missing file type validation in the DSGVOGWPdownloadGoogleFonts() function. The function, exposed via a wp_ajax_nopriv_ hook (no authentication), fetches a user-supplied URL as a CSS fi...

EUVD-2025-31208

Malicious code in bioql PyPI...

WordPress Font Farsi Plugin <= 1.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Font Farsi Type Plugin Vulnerable versions = 1.6.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1752 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cc13461114f8 Credits Bob Matyas Required privilege...

WordPress WP Font Awesome Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)

Software WP Font Awesome Type Plugin Vulnerable versions = 1.7.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5127 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1bfa254a1aff Credits Lana Codes Required...

WordPress Font Awesome More Icons Plugin <= 3.5 is vulnerable to Cross Site Scripting (XSS)

Software Font Awesome More Icons Type Plugin Vulnerable versions = 3.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5232 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c195d6e21e36 Credits Lana Codes Required...

PT-2023-16129 · WordPress · Wp Font Awesome

Name of the Vulnerable Software and Affected Versions: WP Font Awesome WordPress plugin versions prior to 1.7.9 Description: The issue arises from the plugin's failure to validate and escape certain shortcode attributes before outputting them in a page or post, potentially allowing users with the...

WordPress plugin WP Font Awesome 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

Wordpress Font Uploader Plugin 1.2.4 - Arbitrary File Upload

No description provided by source. Description : Wordpress Plugins - WordPress Font Uploader Shell Upload Vulnerability Version : 1.2.4 Link : http://wordpress.org/extend/plugins/font-uploader/ Plugins : http://downloads.wordpress.org/plugin/font-uploader.1.2.4.zip Date : 01-06-2012 Google Dork :...

WordPress Plugin Font Uploader 1.2.4 - Arbitrary File Upload

WordPress Plugin Font Uploader 1.2.4 - Arbitrary File Upload Description : Wordpress Plugins - WordPress Font Uploader Shell Upload Vulnerability Version : 1.2.4 Link : http://wordpress.org/extend/plugins/font-uploader/ Plugins : http://downloads.wordpress.org/plugin/font-uploader.1.2.4.zip Date ...