WordPress Plugin Vulnerabilities

Font_Organizer 2.1.1 - Cross-Site Scripting (XSS)

Description

The Font Organizer WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
font-organizer
No known fix

References

CVE
CVE-2019-9908
URL
https://security-consulting.icu/blog/2019/02/wordpress-font-organizer-xss/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Tim Coen
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
8d84e918-4e0d-47e5-9c54-2415a33d445b

Timeline

Publicly Published
2019-03-22 (about 7 years ago)
Added
2019-03-22 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-09-25
Title
Stagtools < 2.3.8 - Reflected XSS
Published
2021-12-08
Title
Fathom Analytics < 3.0.5 - Admin+ Stored Cross-Site Scripting
Published
2024-08-06
Title
Z-Downloads < 1.11.7 - Admin+ Stored XSS via SVG Upload
Published
2022-08-23
Title
Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting
Published
2025-06-30
Title
Ultra Addons for Contact Form 7 < 3.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode