Use Any Font

use_any_font

Vendor: Dineshkarki • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-47305 1Dineshkarki 1Use Any Font Jun 17, 2026 Sep 25, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font use-any-font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through <= 6.3.08.
CVE-2022-27851 1Dineshkarki 1Use Any Font Jun 17, 2026 Apr 15, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key.
CVE-2021-24977 1Dineshkarki 1Use Any Font Jun 17, 2026 Feb 28, 2022 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 The Use Any Font \| Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the...Show more The Use Any Font \| Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issuesShow less