cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2657,https://securityvulnerability.io/vulnerability/CVE-2024-2657,Stored Cross-Site Scripting Vulnerability Affects Font Farsi Plugin for WordPress,"The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,Font Farsi,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-30T08:30:12.030Z,0
CVE-2024-1752,https://securityvulnerability.io/vulnerability/CVE-2024-1752,Unfiltered HTML Settings Vulnerability in Font Farsi WordPress Plugin,"The Font Farsi WordPress plugin, up to version 1.6.6, includes a vulnerability that fails to properly sanitize and escape certain user-configurable settings. This oversight may allow users with elevated privileges, such as administrators, to execute stored cross-site scripting (XSS) attacks within the application, even in environments where the unfiltered_html capability is restricted (such as multisite setups). This flaw emphasizes the necessity for stringent security practices and regular updates to maintain application integrity and protect against potential exploits.",Wordpress,Font Farsi,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-08T05:00:02.250Z,0