cleantalk
Vulnerabilities and Security Researches

Fontsampler, c1e4aaff-e68d-4bb3-9f82-31c3a649b41b

CVE, Research URL

c1e4aaff-e68d-4bb3-9f82-31c3a649b41b

Home page URL

Security reports for Fontsampler

Application

Fontsampler

Published on
-
Research Description
Fontsampler [fontsampler] < 0.14.3 (closed) Fontsampler &lt; 0.4.13 - CSRF to Authenticated Reflected Cross-Site Scripting (XSS) The plugin did not properly check for CSRF and authorisation in its ajax_get_mock_fontsampler AJAX action, which could lead to an authenticated reflected XSS issue as user input was then output without being sanitised first.
Affected versions
max 0.14.3.
Status
vulnerable
Previous vulnerability researches
WordPress Connect (feaf7c04-4991-4c34-bfbf-d849a9e38599) , Jun 16, 2026
WordPress Connect (5b2d1beeae1454c4c4f60eac4f084fd504540b28) , Jun 16, 2026
WordPress Connect (b326cdbf2040aa8eeb688f951965600d9b290062) , Jun 06, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026