CVE-2023-6600
HIGH EXPLOITEDOMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. <5.7.9 - XSS
Title source: llmExploitation Summary
CVE-2023-6600 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. PLease note there were several attempted patched, and we consider 5.7.10 to be the most sufficiently patched.
References (4)
Core 4
Core References
Scores
CVSS v3
8.6
EPSS
0.0048
EPSS Percentile
37.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
VulnCheck KEV
2024-01-02
CWE
CWE-79
CWE-862
Status
published
Products (2)
daan/omgf
< 5.7.10
daanvandenbergh/OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy.
< 5.7.9
Published
Jan 03, 2024
Tracked Since
Feb 18, 2026