Vulnerabilities

CVE-2021-24935

by Fred · 06/12/2021

The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated user) before outputing them in attributes, leading Reflected Cross-Site Scripting issues

Date published : 2021-12-06

https://plugins.trac.wordpress.org/changeset/2623659

https://wpscan.com/vulnerability/53702281-1bd5-4828-b7a4-9f81cf0b6bb6

Similar

Tags: Cybersecurity Alert