Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
font project font vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-21165
All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function.
Font Converter Project Font Converter 1.0.0
Font Converter Project Font Converter 1.1.0
Font Converter Project Font Converter 1.1.1
356
VMScore
CVE-2015-7683
Absolute path traversal vulnerability in Font.php in the Font plugin prior to 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.
Font Project Font
383
VMScore
CVE-2016-1000142
Reflected XSS in wordpress plugin parsi-font v4.2.5
Parsi-font Project Parsi-font 4.2.5
NA
CVE-2022-4512
The Better Font Awesome WordPress plugin prior to 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site ...
Better Font Awesome Project Better Font Awesome
383
VMScore
CVE-2016-1000126
Reflected XSS in wordpress plugin admin-font-editor v1.8
Admin-font-editor Project Admin-font-editor
NA
CVE-2023-25442
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions.
Zeno Font Resizer Project Zeno Font Resizer
NA
CVE-2022-37405
Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress.
Better Font Awesome Project Better Font Awesome
NA
CVE-2023-5127
The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenti...
Wp Font Awesome Project Wp Font Awesome
NA
CVE-2023-0271
The WP Font Awesome WordPress plugin prior to 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site S...
Wp Font Awesome Project Wp Font Awesome
516
VMScore
CVE-2021-24977
The Use Any Font | Custom Font Uploader WordPress plugin prior to 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation a...
Use Any Font Project Use Any Font
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »