Vulnerabilities > WP Google Fonts Project > WP Google Fonts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-06 | CVE-2021-24935 | Cross-site Scripting vulnerability in WP Google Fonts Project WP Google Fonts The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated user) before outputing them in attributes, leading Reflected Cross-Site Scripting issues | 4.3 |