CVE-2022-33978 MEDIUM

CVE-2022-33978: WordPress FontMeister plugin <= 1.08 - Reflected Cross-Site Scripting (XSS) vulnerability

Vendor Sayontan Sinha
Product FontMeister (WordPress plugin)
Weakness CWE-79 · XSS
Published October 11, 2022
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress.

Key dates

02Disclosure timeline

October 11, 2022 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-8064 Bible SuperSearch <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter CVE-2024-13803 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-7649 Opal Membership <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting CVE-2025-52436 CVE-2023-6616 SourceCodester Simple Student Attendance System index.php cross site scripting