Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
dineshkarki
36012.6%HIGH

Related CVEs

6
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2024-47305Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font use-any-font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through <= 6.3.08.HIGH8.89.3%Sep 25, 2024
CVE-2024-43947Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.MEDIUM4.36.9%Aug 29, 2024
CVE-2024-43948Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.MEDIUM6.120.7%Aug 29, 2024
CVE-2023-44261Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions.HIGH8.813.3%Oct 10, 2023
CVE-2022-27851Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key.MEDIUM4.3Apr 15, 2022
CVE-2021-24977The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issuesMEDIUM6.1Feb 28, 2022