Vulnerabilities and security researches forfontsampler fontsampler

Jun 07, 2024

CVE, Research URL: e364aa90b1936deefeb54f2615db62b3b1f6bbf5
Home page URL: Security reports for Fontsampler
Application: Fontsampler
Date: Jun 30, 2021
Research Description: Fontsampler [fontsampler] < 0.4.13 (closed) Fontsampler <= 0.4.12 - Cross-Site Request Forgery to Cross-Site Scripting The Fontsampler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_get_mock_fontsampler function in versions up to, and including, 0.4.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 0.4.13.
Status: vulnerable

Mar 01, 2025

CVE, Research URL: CVE-2025-27337
Home page URL: Security reports for Fontsampler
Application: Fontsampler
Date: Apr 17, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kontur Fontsampler fontsampler allows Reflected XSS.This issue affects Fontsampler: from n/a through <= 0.4.14.
Affected versions: max 0.4.14.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: c1e4aaff-e68d-4bb3-9f82-31c3a649b41b
Home page URL: Security reports for Fontsampler
Application: Fontsampler
Date: -
Research Description: Fontsampler [fontsampler] < 0.14.3 (closed) Fontsampler < 0.4.13 - CSRF to Authenticated Reflected Cross-Site Scripting (XSS) The plugin did not properly check for CSRF and authorisation in its ajax_get_mock_fontsampler AJAX action, which could lead to an authenticated reflected XSS issue as user input was then output without being sanitised first.
Affected versions: max 0.14.3.
Status: vulnerable