CVE-2021-24935: Changeset 2623659 – WordPress Plugin Repository
The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameters of the googlefont_action AJAX action (available to any authenticated user) before outputting them in attributes, leading to Reflected Cross-Site Scripting issues.
wp-google-fonts/trunk/google-fonts.php
r2225068
r2623659
3
3
Plugin Name: WP Google Fonts
4
4
Plugin URI: http://adrian3.com/projects/wordpress-plugins/wordpress-google-fonts-plugin/
5
Version: v3.1.4
5
Version: v3.1.5
6
6
Description: The Wordpress Google Fonts Plugin makes it even easier to add and customize Google fonts on your site through Wordpress.
7
7
Author: Noah Kagan
…
…
1305
1305
// ajax handling
1306
1306
function googlefont\_action\_callback() {
1307
$name = sanitize\_text\_field($\_POST\['googlefont\_ajax\_name'\]);
1308
$family = sanitize\_text\_field($\_POST\['googlefont\_ajax\_family'\]);
1307
$name = sanitize\_text\_field(esc\_attr($\_POST\['googlefont\_ajax\_name'\]));
1308
$family = sanitize\_text\_field(esc\_attr($\_POST\['googlefont\_ajax\_family'\]));
1309
1309
$normalized\_name = $this->gf\_normalize\_font\_name($family);
1310
1310
$variants = $this->gf\_get\_font\_data\_by\_family($name, $family, 'variants');
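Review bot: on new lines 1307-1308, esc_attr() is applied to the raw $_POST value and sanitize_text_field() then runs on the already-encoded string, so the escaping happens at input instead of at the point where $name and $family are written into attributes. Suggest keeping sanitize_text_field( wp_unslash( $_POST['googlefont_ajax_name'] ) ) on input and calling esc_attr() at each place the values are echoed. That way every output site is covered regardless of where the variable came from, and $family does not reach gf_normalize_font_name() and gf_get_font_data_by_family() on lines 1309-1310 in entity-encoded form, which would change lookups for any value containing quotes or ampersands. Two further points in the same lines: both $_POST keys are read without an isset() check, and the callback reads request data on its first line with no check_ajax_referer() call ahead of it in the lines shown, which is worth adding given that the action is reachable by any authenticated user.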
wp-google-fonts/trunk/readme.txt
r2223183
r2623659
3
3
Tags: Google fonts, fonts, font, type, free fonts, typography, theme, admin, plugin, css, design, plugin, template, page, posts, links, Google
4
4
Requires at least: 2.0.2
5
Tested up to: 5.3.2
5
Tested up to: 5.8.1
6
6
Stable tag: trunk
7
7
License: GPLv2 or later
…
…
20
20
21
21
== Changelog ==
22
Version 3.1.5
23
- Fix XSS vuln
24
22
25
Version 3.1.4
23
26
- Fix XSS vuln
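Review bot: the new 3.1.5 entry on line 23 reads "- Fix XSS vuln", word for word the same as the existing 3.1.4 entry on line 26, so the changelog does not let a site owner tell the two fixes apart or judge whether this one affects them. Suggest naming what was fixed, for example the googlefont_action AJAX handler and its googlefont_ajax_name and googlefont_ajax_family parameters, and referencing CVE-2021-24935 once it is public, so the entry can be matched against advisories and scanner output.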