Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
fontsplugin
13018.9%HIGH

Related CVEs

3
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2024-43302Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fonts: from n/a through 3.7.7.HIGH8.833.2%Nov 1, 2024
CVE-2024-43301Cross-Site Request Forgery (CSRF) vulnerability in Fonts Plugin Fonts allows Stored XSS.This issue affects Fonts: from n/a through 3.7.7.MEDIUM5.44.7%Aug 26, 2024
CVE-2021-24637The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gutenberg block.MEDIUM5.4Sep 20, 2021