CVE-2021-24782

CVE-2021-24782: Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting

Vendor Unknown
Product Flex Local Fonts
Weakness CWE-79 · XSS
Published December 13, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

December 13, 2021 CVE published
August 3, 2024 Record updated