QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24637

Published: Sep 20, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gutenberg block.

Vendor	Product	Versions
Unknown	Fonts Plugin \| Google Fonts Typography	affected `3.0.3 - < 3.0.3`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/dd2b3f22-5e8b-41cf-bcb8-d2e673e1d21e

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.