CVE-2024-1332
The CVE (CVE-2024-1332) concerns the WordPress plugin “Custom Fonts – Host Your Fonts Locally.” It is documented as vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to 2.1.4, caused by insufficient input sanitization and output escaping. The vulnerability enables a...