2 results (0.010 seconds)

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Fonts Plugin Fonts allows Stored XSS.This issue affects Fonts: from n/a through 3.7.7. The Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.7. This is due to missing or incorrect nonce validation on the manage_kits() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/olympus-google-fonts/wordpress-fonts-plugin-3-7-7-cross-site-request-forgery-csrf-to-stored-xssvulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fonts: from n/a through 3.7.7. The Fonts plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the get_kits() and manage_kits() function in versions up to, and including, 3.7.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to access and update font kits. • https://patchstack.com/database/vulnerability/olympus-google-fonts/wordpress-fonts-plugin-3-7-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •