ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Font Organizer plugin <=2.1.1 - Cross-Site Scripting (XSS) vulnerability

Product
Font Organizer
Description
Cross-Site Scripting (XSS) vulnerability found Tim Coen in WordPress Font Organizer plugin (versions <=2.1.1).
Solution
22 March 2019 - we were unable to find a patched version of this plugin. There is a notice on the WordPress plugin repository "This plugin was closed on March 18, 2019 and is no longer available for download.".
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2019-9908
Versions
Affected In <=2.1.1
Disclosure date
2019-03-22
Credits
Tim Coen
Submitter
ThreatPress