Wp Google Fonts Project: Security Vulnerabilities
The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated user) before outputing them in attributes, leading Reflected Cross-Site Scripting issues
CVSS Score
6.1
EPSS Score
0.003
Published
2021-12-06