← voltar
CVE-2021-24782

Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting

EPSS 0.6%CWE-79
The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Produtos afetados
Unknown · Flex Local Fonts

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://wpscan.com/vulnerability/5cd846df-1d8b-488d-a691-b76850e8687a