Lucene search

K
wpvulndbApple502jWPVDB-ID:DD2B3F22-5E8B-41CF-BCB8-D2E673E1D21E
HistoryAug 23, 2021 - 12:00 a.m.

Fonts Plugin < 3.0.3 - Contributor+ Stored Cross-Site Scripting

2021-08-2300:00:00
apple502j
wpscan.com
8

0.001 Low

EPSS

Percentile

24.9%

The plugin does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gutenberg block.

PoC

As a contributor, put the following code in a post/page while in Code Editor mode < 3.0.2 < 3.0.3

CPENameOperatorVersion
olympus-google-fontslt3.0.3

0.001 Low

EPSS

Percentile

24.9%

Related for WPVDB-ID:DD2B3F22-5E8B-41CF-BCB8-D2E673E1D21E