Vulnerabilities > CVE-2021-24935 - Unspecified vulnerability in WP Google Fonts Project WP Google Fonts
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated user) before outputing them in attributes, leading Reflected Cross-Site Scripting issues
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |