NotCVE - vendor:"Use Any Font" product:"Use Any Font" version:" >= 0.0.0 <= 6.3.08"

3 results (0.012 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-47305 – WordPress Use Any Font plugin <= 6.3.08 - Cross Site Request Forgery (CSRF) vulnerability

https://notcve.org/view.php?id=CVE-2024-47305

25 Sep 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through 6.3.08. The Use Any Font plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.08. This is due to missing or incorrect nonce validation on the uaf_trigger_actions() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a sit... • https://patchstack.com/database/vulnerability/use-any-font/wordpress-use-any-font-plugin-6-3-08-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-27851 – WordPress Use Any Font plugin <= 6.1.7 - Cross-Site Request Forgery (CSRF) vulnerability

https://notcve.org/view.php?id=CVE-2022-27851

30 Mar 2022 — Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en Use Any Font (plugin de WordPress) versiones anteriores a 6.1.7 incluyéndola, permite a un atacante deshabilitar la clave API • https://patchstack.com/database/vulnerability/use-any-font/wordpress-use-any-font-plugin-6-1-7-cross-site-request-forgery-csrf-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-24977 – Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending

https://notcve.org/view.php?id=CVE-2021-24977

31 Jan 2022 — The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues El plugin Use Any Font | Custom Font Uploader de WordPress versiones anteriores a 6.2.1, no presenta ninguna comprobación de autorización cuando se asigna una fuente,... • https://wpscan.com/vulnerability/739831e3-cdfb-4a22-9abf-6c594d7e3d75 • CWE-862: Missing Authorization •