Severe 9.8

The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Published January 16, 2023.

Affected software

Fontsy Project Fontsy
