4 matches found
CVE-2021-24935
The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameters of the googlefont_action AJAX action, available to any authenticated user, before outputting them in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2021-24935
The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameters of the googlefont_action AJAX action, available to any authenticated user, before outputting them in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2021-24935
CVE-2021-24935 affects the WordPress WP Google Fonts plugin before 3.1.5. The vulnerability stems from insufficient escaping of googlefont_ajax_name and googlefont_ajax_family in the googlefont_action AJAX action, allowing reflected XSS when outputting these values in attributes. Impact is client...
WP Google Fonts <= 3.1.3 - Authenticated Reflected Cross-Site Scripting (XSS)
The WP Google Fonts WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability...