Lucene search
JrXnmWPVDB-ID:53702281-1BD5-4828-B7A4-9F81CF0B6BB6HistoryNov 03, 2021 - 12:00 a.m.
WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting
2021-11-0300:00:00
JrXnm
wpscan.com
3
0.001 Low
EPSS
Percentile
30.1%
The plugin does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated user) before outputing them in attributes, leading Reflected Cross-Site Scripting issues
PoC
The XSS from the googlefont_ajax_name will be triggered when the mouse will be over any of the checkbox. The one from googlefont_ajax_family will be triggered only in section 1 and 4
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-google-fonts | lt | 3.1.5 |
Related
cvelist
cvelist
CVE-2021-24935 WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting
2021-12-06 15:55:35
prion
prion
Cross site scripting
2021-12-06 16:15:00
cnvd
cnvd
WordPress WP Google Fonts plugin cross-site scripting vulnerability
2021-12-09 00:00:00
cve
cve
CVE-2021-24935
2021-12-06 16:15:08
nvd
nvd
CVE-2021-24935
2021-12-06 16:15:08
wpexploit
wpexploit
WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting
2021-11-03 00:00:00