CVE-2024-43301 – WordPress Fonts plugin <= 3.7.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-43301
Cross-Site Request Forgery (CSRF) vulnerability in Fonts Plugin Fonts allows Stored XSS. This issue affects Fonts: from n/a through 3.7.7.

The Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.7. This is due to missing or incorrect nonce validation on the manage_kits() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

• https://patchstack.com/database/vulnerability/olympus-google-fonts/wordpress-fonts-plugin-3-7-7-cross-site-request-forgery-csrf-to-stored-xssvulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-43302 – WordPress Fonts plugin <= 3.7.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43302
Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fonts: from n/a through 3.7.7.

The Fonts plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the get_kits() and manage_kits() functions in versions up to, and including, 3.7.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to access and update font kits.

• https://patchstack.com/database/vulnerability/olympus-google-fonts/wordpress-fonts-plugin-3-7-7-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization