Security Advisory

CVE-2021-24935

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-12-06 15:55:35

Last updated 2024-08-03 19:49:13

Assigner WPScan

State PUBLISHED

Description

The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated user) before outputing them in attributes, leading Reflected Cross-Site Scripting issues

← Browse all CVEs View on cve.org ↗