Use Any Font < 6.2.1 – API Key Deactivation via CSRF | CVE 2022-27851

Affects Plugins

use-any-font

Fixed in 6.2.1

References

CVE

CVE-2022-27851

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

5.4 (medium)

Miscellaneous

Original Researcher

Rasi Afeef

Verified

Yes

WPVDB ID

01fb7861-52fc-4c45-b78e-63444606d403

Timeline

Publicly Published

2022-03-30 (about 4 years ago)

Added

2022-04-16 (about 4 years ago)

Last Updated

2022-04-18 (about 4 years ago)

Other

Published

Title

Published

2023-07-10

Title

BigContact <= 1.5.8 - Cross-Site Request Forgery

Published

2023-02-28

Title

HT Event < 1.4.6 - Arbitrary Plugin Activation via CSRF

Published

2025-02-03

Title

WP Admin Custom Page <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2024-07-08

Title

Advanced AJAX Page Loader <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload

Published

2021-07-12

Title

WOWRestro < 1.1 - CSRF Bypass