[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frlYd0dlGUc7PjHQkG9_VX-xhz4kE_jKPL5aDlqxItJM":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2021-24637","google-fonts-typography-authenticated-contributor-stored-cross-site-scripting-via-blocktype-arguments","Google Fonts Typography \u003C= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via blockType arguments","The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitize some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gutenberg block.","olympus-google-fonts",null,"\u003C3.0.3","3.0.3","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2021-08-23 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9d3b4315-05cd-4349-8dd9-ea6792048a9d?source=api-prod",883]