CVE-2021-24977 - OpenCVE

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Use Any Font Project	Use Any Font

Configuration 1 [-]

cpe:2.3:a:use_any_font_project:use_any_font:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/739831e3-cdfb-4a22-9abf-6c594d7e3d75

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-02-28T09:06:26

Updated: 2024-08-03T19:49:14.458Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24977

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-02-28T09:15:08.337

Modified: 2022-10-24T16:41:55.470

Link: CVE-2021-24977

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Use Any Font | Custom Font Uploader", "vendor": "Unknown", "versions": [{"lessThan": "6.2.1", "status": "affected", "version": "6.2.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Krzysztof Zaj\u0105c"}], "descriptions": [{"lang": "en", "value": "The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-28T09:06:26", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/739831e3-cdfb-4a22-9abf-6c594d7e3d75"}], "source": {"discovery": "EXTERNAL"}, "title": "Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24977", "STATE": "PUBLIC", "TITLE": "Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Use Any Font | Custom Font Uploader", "version": {"version_data": [{"version_affected": "<", "version_name": "6.2.1", "version_value": "6.2.1"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Krzysztof Zaj\u0105c"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/739831e3-cdfb-4a22-9abf-6c594d7e3d75", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/739831e3-cdfb-4a22-9abf-6c594d7e3d75"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:49:14.458Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/739831e3-cdfb-4a22-9abf-6c594d7e3d75"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24977", "datePublished": "2022-02-28T09:06:26", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:49:14.458Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:use_any_font_project:use_any_font:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C2FA7DF4-F390-4C68-8480-7BB8935E25D1", "versionEndExcluding": "6.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues"}, {"lang": "es", "value": "El plugin Use Any Font | Custom Font Uploader de WordPress versiones anteriores a 6.2.1, no presenta ninguna comprobaci\u00f3n de autorizaci\u00f3n cuando se asigna una fuente, permitiendo a usuarios no autenticados enviar CSS arbitrarios que luego ser\u00e1n procesados por el frontend para todos los usuarios. Debido a una falta de saneo y escape en el backend, tambi\u00e9n podr\u00eda conllevar a problemas de tipo XSS Almacenado."}], "id": "CVE-2021-24977", "lastModified": "2022-10-24T16:41:55.470", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-28T09:15:08.337", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/739831e3-cdfb-4a22-9abf-6c594d7e3d75"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "contact@wpscan.com", "type": "Secondary"}]}