Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
font project font vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-21165
All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function.
Font Converter Project Font Converter 1.0.0
Font Converter Project Font Converter 1.1.0
Font Converter Project Font Converter 1.1.1
4
CVSSv2
CVE-2015-7683
Absolute path traversal vulnerability in Font.php in the Font plugin prior to 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.
Font Project Font
4.3
CVSSv2
CVE-2016-1000142
Reflected XSS in wordpress plugin parsi-font v4.2.5
Parsi-font Project Parsi-font 4.2.5
4.3
CVSSv2
CVE-2016-1000126
Reflected XSS in wordpress plugin admin-font-editor v1.8
Admin-font-editor Project Admin-font-editor
NA
CVE-2022-4512
The Better Font Awesome WordPress plugin prior to 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site ...
Better Font Awesome Project Better Font Awesome
4.3
CVSSv2
CVE-2014-2570
Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib prior to 0.3.1 allows remote malicious users to inject arbitrary web script or HTML via the name parameter.
Php Font Lib Project Php Font Lib
NA
CVE-2022-37405
Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress.
Better Font Awesome Project Better Font Awesome
NA
CVE-2023-5127
The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenti...
Wp Font Awesome Project Wp Font Awesome
5.8
CVSSv2
CVE-2021-24977
The Use Any Font | Custom Font Uploader WordPress plugin prior to 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation a...
Use Any Font Project Use Any Font
NA
CVE-2023-0271
The WP Font Awesome WordPress plugin prior to 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site S...
Wp Font Awesome Project Wp Font Awesome
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »