Medium severity5.4NVD Advisory· Published Sep 20, 2021· Updated Jun 17, 2026
CVE-2021-24637
CVE-2021-24637
Description
The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gutenberg block.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Google Fonts Typography plugindescription
- Range: <3.0.3
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/dd2b3f22-5e8b-41cf-bcb8-d2e673e1d21envdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.