Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
font project font vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-21165
All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function.
Font Converter Project Font Converter 1.0.0
Font Converter Project Font Converter 1.1.0
Font Converter Project Font Converter 1.1.1
NA
CVE-2015-7683
Absolute path traversal vulnerability in Font.php in the Font plugin prior to 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.
Font Project Font
6.1
CVSSv3
CVE-2016-1000142
Reflected XSS in wordpress plugin parsi-font v4.2.5
Parsi-font Project Parsi-font 4.2.5
6.1
CVSSv3
CVE-2016-1000126
Reflected XSS in wordpress plugin admin-font-editor v1.8
Admin-font-editor Project Admin-font-editor
NA
CVE-2014-2570
Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib prior to 0.3.1 allows remote malicious users to inject arbitrary web script or HTML via the name parameter.
Php Font Lib Project Php Font Lib
6.1
CVSSv3
CVE-2021-24977
The Use Any Font | Custom Font Uploader WordPress plugin prior to 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation a...
Use Any Font Project Use Any Font
4.8
CVSSv3
CVE-2023-25442
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions.
Zeno Font Resizer Project Zeno Font Resizer
5.4
CVSSv3
CVE-2022-4512
The Better Font Awesome WordPress plugin prior to 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site ...
Better Font Awesome Project Better Font Awesome
5.4
CVSSv3
CVE-2023-0271
The WP Font Awesome WordPress plugin prior to 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site S...
Wp Font Awesome Project Wp Font Awesome
8.8
CVSSv3
CVE-2022-37405
Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress.
Better Font Awesome Project Better Font Awesome
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »