WordPress Use Any Font plugin <= 6.1.7 - Cross-Site Request Forgery (CSRF) vulnerability
Vulnerable versions
<= 6.1.7
PSID
576900e15680
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Required privilege
Publicly disclosed
2022-03-30
Patchstack vPatch available since
09.12.2021
Details
Cross-Site Request Forgery (CSRF) vulnerability was discovered by Rasi Afeef (Patchstack Alliance) in WordPress Use Any Font plugin (versions <= 6.1.7).
Solution
Update the WordPress Use Any Font plugin to the latest available version (at least 6.1.8).
References
CVE-2022-27851
Plugin page