First published: Mon Jan 16 2023
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fontsy Project Fontsy | <=1.8.6 | |
CVE-2022-4447 is a vulnerability in the Fontsy WordPress plugin through version 1.8.6 that allows unauthenticated users to perform a SQL injection attack.
CVE-2022-4447 affects the Fontsy WordPress plugin through version 1.8.6: a parameter is used in a SQL statement without proper sanitization and escaping, allowing a SQL injection attack.
CVE-2022-4447 has a severity rating of 9.8, which is considered critical.
To fix CVE-2022-4447, update the Fontsy WordPress plugin to version 1.8.7 or later, which includes the proper sanitization and escape of parameters.
For more information on CVE-2022-4447, you can refer to the WPScan vulnerability report at https://wpscan.com/vulnerability/6939c405-ac62-4144-bd86-944d7b89d0ad.
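The bug class described above, as an added illustration that is not the Fontsy plugin's own code (the action name `fontsy_example_lookup`, the parameter `font_id` and the table name are hypothetical): an AJAX handler reachable by unauthenticated users that drops a request parameter straight into SQL, beside a hardened version that restricts the action and binds the value with `$wpdb->prepare()`.

```php
<?php
// Added illustration of the vulnerability class in this advisory. Action,
// parameter and table names are hypothetical, not taken from Fontsy.

// --- Vulnerable pattern: request parameter concatenated into SQL --------
// wp_ajax_nopriv_* makes the handler reachable without logging in.
add_action( 'wp_ajax_nopriv_fontsy_example_lookup', 'fontsy_example_lookup_vulnerable' );
add_action( 'wp_ajax_fontsy_example_lookup', 'fontsy_example_lookup_vulnerable' );

function fontsy_example_lookup_vulnerable() {
    global $wpdb;
    $font_id = $_POST['font_id'];                       // untrusted, unsanitized
    $table   = $wpdb->prefix . 'fontsy_example_fonts';  // hypothetical table
    // The raw value becomes part of the statement, so it can change its meaning.
    $row = $wpdb->get_row( "SELECT * FROM {$table} WHERE id = " . $font_id );
    wp_send_json( $row );
}

// --- Hardened pattern --------------------------------------------------
// 1. Registered only for logged-in users (no wp_ajax_nopriv_ hook).
// 2. Nonce and capability checks run before any database access.
// 3. The parameter is cast to the expected type and bound via prepare().
add_action( 'wp_ajax_fontsy_example_lookup_fixed', 'fontsy_example_lookup_fixed' );

function fontsy_example_lookup_fixed() {
    global $wpdb;
    check_ajax_referer( 'fontsy_example_lookup', 'nonce' );   // CSRF token
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $font_id = isset( $_POST['font_id'] ) ? absint( $_POST['font_id'] ) : 0;
    if ( 0 === $font_id ) {
        wp_send_json_error( 'invalid id', 400 );
    }
    $table = $wpdb->prefix . 'fontsy_example_fonts';
    // %d binds the value as an integer; the SQL structure cannot be altered.
    $row = $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $font_id )
    );
    wp_send_json_success( $row );
}
```

If the parameter is a string rather than an id, use the `%s` placeholder in `prepare()` and validate its format first; the table name is built from `$wpdb->prefix`, not from request data, which is why it is interpolated directly.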