Vulnerabilities > CVE-2022-4447 - Unspecified vulnerability in Fontsy Project Fontsy 1.8.6

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

fontsy-project

critical

NVD

Published: 2023-01-16

Updated: 2023-11-07

Summary

The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Vulnerable Configurations

Part	Description	Count
Application	Fontsy_Project Fontsy Project Fontsy 1.8.6	1

References

https://wpscan.com/vulnerability/6939c405-ac62-4144-bd86-944d7b89d0ad