CVE-2021-24977 - OpenCVE

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Use Any Font Project	Use Any Font

Configuration 1 [-]

cpe:2.3:a:use_any_font_project:use_any_font:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/739831e3-cdfb-4a22-9abf-6c594d7e3d75	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-02-28T09:06:26

Updated: 2022-02-28T09:06:26

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24977

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-28T09:15:08.337

Modified: 2022-10-24T16:41:55.470

Link: CVE-2021-24977

JSON object: View

Redhat Information

No data.

CWE

CWE-862

{"containers": {"cna": {"affected": [{"product": "Use Any Font | Custom Font Uploader", "vendor": "Unknown", "versions": [{"lessThan": "6.2.1", "status": "affected", "version": "6.2.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Krzysztof Zaj\u0105c"}], "descriptions": [{"lang": "en", "value": "The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-28T09:06:26", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/739831e3-cdfb-4a22-9abf-6c594d7e3d75"}], "source": {"discovery": "EXTERNAL"}, "title": "Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24977", "STATE": "PUBLIC", "TITLE": "Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Use Any Font | Custom Font Uploader", "version": {"version_data": [{"version_affected": "<", "version_name": "6.2.1", "version_value": "6.2.1"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Krzysztof Zaj\u0105c"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/739831e3-cdfb-4a22-9abf-6c594d7e3d75", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/739831e3-cdfb-4a22-9abf-6c594d7e3d75"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24977", "datePublished": "2022-02-28T09:06:26", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2022-02-28T09:06:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:use_any_font_project:use_any_font:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C2FA7DF4-F390-4C68-8480-7BB8935E25D1", "versionEndExcluding": "6.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues"}, {"lang": "es", "value": "El plugin Use Any Font | Custom Font Uploader de WordPress versiones anteriores a 6.2.1, no presenta ninguna comprobaci\u00f3n de autorizaci\u00f3n cuando se asigna una fuente, permitiendo a usuarios no autenticados enviar CSS arbitrarios que luego ser\u00e1n procesados por el frontend para todos los usuarios. Debido a una falta de saneo y escape en el backend, tambi\u00e9n podr\u00eda conllevar a problemas de tipo XSS Almacenado."}], "id": "CVE-2021-24977", "lastModified": "2022-10-24T16:41:55.470", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-28T09:15:08.337", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/739831e3-cdfb-4a22-9abf-6c594d7e3d75"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "contact@wpscan.com", "type": "Secondary"}]}