cleantalk
Vulnerabilities and Security Researches

Fontsampler, e364aa90b1936deefeb54f2615db62b3b1f6bbf5

CVE, Research URL

e364aa90b1936deefeb54f2615db62b3b1f6bbf5

Home page URL

Security reports for Fontsampler

Application

Fontsampler

Published on
Jun 30, 2021
Research Description
Fontsampler [fontsampler] < 0.4.13 (closed) Fontsampler <= 0.4.12 - Cross-Site Request Forgery to Cross-Site Scripting The Fontsampler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_get_mock_fontsampler function in versions up to, and including, 0.4.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 0.4.13.
Status
vulnerable
Previous vulnerability researches
Fontsampler (e364aa90b1936deefeb54f2615db62b3b1f6bbf5) , Jun 07, 2024
Fontsampler (c1e4aaff-e68d-4bb3-9f82-31c3a649b41b) , Jun 16, 2026
Fontsampler (CVE-2025-27337) , Mar 01, 2025
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026