← volver
CVE-2021-24782

Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting

EPSS 0.6%CWE-79
The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Productos afectados
Unknown · Flex Local Fonts

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/5cd846df-1d8b-488d-a691-b76850e8687a