3 matches found
CVE-2024-43302
CVE-2024-43302 is a Missing Authorization vulnerability in the Fonts Plugin (Fonts) for WordPress, affecting versions up to 3.7.7. The issue involves incorrect access control that allows exploitation via unauthorized access to protected resources. The public references indicate an official vulner...
CVE-2024-43301
CVE-2024-43301 is a CSRF-to-stored XSS in the Fonts Plugin (olympus-google-fonts) for WordPress, affecting versions up to 3.7.7. RedHat/Wordfence and PT-Security sources confirm the issue and cite an upgrade remedy: upgrade Fonts to 3.7.8 to remediate. The vulnerability stems from CSRF enabling s...
CVE-2021-24637
CVE-2021-24637 concerns the WordPress Google Fonts Typography plugin, affected versions before 3.0.3. The vulnerability arises from insufficient escaping and sanitization of certain Gutenberg block settings, enabling Stored Cross-Site Scripting via multiple block parameters (blockType, content, a...