Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts fonts-manager-custom-fonts allows Reflected XSS. This issue affects Fonts Manager | Custom Fonts: from n/a through <= 1.2.
Published: 2025-04-01
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Fonts Manager | Custom Fonts plugin supplied by Wisdomlogix Solutions Pvt. Ltd. fails to escape user-supplied input before rendering it as part of a web page. A reflected XSS payload is therefore injected into the page when a victim opens a crafted request, and it executes as arbitrary client-side code in the victim's browser. Depending on the victim's permissions, an attacker could hijack session cookies, deface the site, or redirect users to malicious domains.

Affected Systems

Any WordPress deployment with the Fonts Manager | Custom Fonts plugin installed at version 1.2 or earlier is affected. The vendor is Wisdomlogix Solutions Pvt. Ltd.; no fix has been released for versions prior to 1.3, so administrators should verify whether the plugin has been upgraded beyond the vulnerable release. If the plugin is not used, the risk is eliminated.

Risk and Exploitability

A CVSS score of 7.1 classifies this flaw as high severity, while the EPSS score of less than 1% indicates a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Attackers could exploit the flaw remotely by sending a malicious link or input to a user; no authentication is required. The combination of high impact and low likelihood means that fixing the plugin promptly is strongly recommended to avoid potential client‑side compromise.

Generated by OpenCVE AI on May 2, 2026 at 02:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Fonts Manager | Custom Fonts plugin to any release newer than 1.2 that contains the XSS fix; if no update is available, proceed to the next step.
  • Deactivate or uninstall the plugin entirely if it remains vulnerable, thereby removing the attack surface.
  • If the plugin must stay active and no patch exists, enforce a restrictive Content Security Policy that blocks inline scripts on pages that render the plugin's output, and ensure that only trusted administrators can access its configuration pages.



Advisories
Source: EUVD
ID: EUVD-2025-9462
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts allows Reflected XSS. This issue affects Fonts Manager | Custom Fonts: from n/a through 1.2.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts allows Reflected XSS. This issue affects Fonts Manager | Custom Fonts: from n/a through 1.2.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts fonts-manager-custom-fonts allows Reflected XSS.This issue affects Fonts Manager | Custom Fonts: from n/a through <= 1.2.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 02 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Apr 2025 21:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts allows Reflected XSS. This issue affects Fonts Manager | Custom Fonts: from n/a through 1.2.
Title WordPress Fonts Manager | Custom Fonts plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:09.439Z

Reserved: 2025-03-31T10:05:51.138Z

Link: CVE-2025-31578

Vulnrichment

Updated: 2025-04-02T13:15:43.545Z

NVD

Status: Deferred

Published: 2025-04-01T21:15:50.930

Modified: 2026-04-23T15:28:00.043

Link: CVE-2025-31578

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T02:45:32Z
