← Back

Dineshkarki

dineshkarki

6 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Use Any Font
use_any_font
3 CVEs
Wp Armour
wp_armour
2 CVEs
Block Plugin Update
block_plugin_update
1 CVE

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-47305
1Dineshkarki
1Use Any Font
Jun 17, 2026
Sep 25, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font use-any-font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through <= 6.3.08.
CVE-2024-43947
1Dineshkarki
1Wp Armour
Jun 17, 2026
Aug 29, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.
CVE-2024-43948
1Dineshkarki
1Wp Armour
Jun 17, 2026
Aug 29, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.
CVE-2023-44261
1Dineshkarki
1Block Plugin Update
Jun 17, 2026
Oct 10, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions.
CVE-2022-27851
1Dineshkarki
1Use Any Font
Jun 17, 2026
Apr 15, 2022
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key.
CVE-2021-24977
1Dineshkarki
1Use Any Font
Jun 17, 2026
Feb 28, 2022
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the...Show more
The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issuesShow less