CVE-2021-24977

Name of the Vulnerable Software and Affected Versions Use Any Font | Custom Font Uploader WordPress plugin versions prior to 6.2.1

Description The issue allows unauthenticated users to send arbitrary CSS, which will be processed by the frontend for all users. This is due to the lack of authorization checks when assigning a font. Additionally, the lack of sanitization and escaping in the backend could lead to Stored XSS issues.

Recommendations For versions prior to 6.2.1, update to version 6.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the font assignment feature to authenticated and authorized users until the update is applied.