Cross-Site Scripting Vulnerability in Font Organizer Plugin for WordPress
CVE-2019-9908

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Font Organizer
Vendor
CVE Published:
22 March 2019

Summary

The Font Organizer plugin version 2.1.1 for WordPress contains a cross-site scripting (XSS) vulnerability located in the wp-admin/options-general.php file. This issue allows attackers to inject malicious scripts into the web pages viewed by users with lower permissions. If exploited, this vulnerability could compromise user sessions and lead to unauthorized actions on the affected site. It is essential for WordPress site administrators using this plugin to implement updates and patches to mitigate potential exploitation risks.

References

https://lists.openwall.net/full-disclosure/2019/02/05/8
x_refsource_MISC
https://security-consulting.icu/blog/2019/02/wordpress-fo...
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/9239
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.