FontMeister <= 1.08 – Reflected Cross-Site Scripting | CVE 2022-33978

Affects Plugins

fontmeister

No known fix

References

CVE

CVE-2022-33978

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

Tien Nguyen Anh

Verified

No

WPVDB ID

48ec30d6-8b40-4d2a-a1f9-a24fcd0522cd

Timeline

Publicly Published

2022-09-23 (about 3 years ago)

Added

2022-10-11 (about 3 years ago)

Last Updated

2022-10-11 (about 3 years ago)

Other

Published

Title

Published

2025-04-01

Title

SnapWidget Social Photo Feed Widget <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-05-28

Title

Expert Invoice <= 1.0.2 -Admin+ Stored XSS

Published

2023-11-16

Title

Jetpack < 12.8-a.3 - Contributor+ Stored XSS via block attribute

Published

2025-01-16

Title

Isolved Talent Acquisition < 1.4.0 - Reflected Cross-Site Scripting

Published

2021-11-23

Title

Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting