High-Severity Cross-Site Scripting Flaws Persist in Popular WordPress Plugins and Google Fonts
Vulnerability coverage focused on affected versions, exploitability and patch or mitigation decisions.

Trust note: This alert is maintained under HackWatch's editorial policy, with visible source records, a named responsible editor and a correction channel for disputed facts.
AI tools may assist HackWatch with initial monitoring and source clustering. The public article is reviewed, fact-checked and edited by a real HackWatch reviewer before publication or material updates. Last human review: Apr 30, 2026.
Technical reviewer note: Marcin Pocztowski reviewed this alert on Apr 30, 2026 from an administrator's point of view, checking CVE-2024-27194, CVE-2024-29129, CVE-2024-29774, CVE-2024-32149 against vendor, CVE and advisory context before accepting the risk language. His remediation check is practical: confirm the affected version first, restrict reachable management surfaces as he would on Juniper, Cisco or Mikrotik routers, then patch or apply vendor mitigations only where the single corroborating source supports that scope.
Review our editorial policy or send corrections to [email protected].
Active threat. The incident should still be treated as active until confirmed mitigation or patch adoption is verified.
Spain’s National Cybersecurity Institute (INCIBE) has flagged critical cross-site scripting vulnerabilities in several popular WordPress plugins and the Fontific Google Fonts plugin. Publicly disclosed exploits increase the urgency for users to apply patches immediately to prevent potential data breaches and site compromises.
GLOBAL, April 30, 2026, 11:27 UTC
Multiple high-severity cross-site scripting (XSS) vulnerabilities persist in widely used WordPress plugins and the Fontific Google Fonts plugin, according to a new bulletin from Spain’s National Cybersecurity Institute (INCIBE). Some flaws have known public exploits, elevating the threat landscape for website operators.
The bulletin highlights CVE-2024-27194, a cross-site request forgery (CSRF) vulnerability in the Fontific Google Fonts plugin by Andrei Ivasiuc. This flaw, present in versions up to 0.1.6, enables stored XSS attacks and has been tracked since March 2024 with recent updates as of late April 2026.
Similarly, CVE-2024-29129 affects the OxyExtras plugin from WPLIT Pty Ltd. This reflected XSS vulnerability impacts versions up to 1.4.4, allowing attackers to inject malicious scripts during page rendering.
Other high-risk reflected XSS issues include CVE-2024-29774 in WP Directory Kit and CVE-2024-32149 in BlueGlass Jobs for WordPress, affecting versions before 1.2.9 and 2.7.5 respectively. These vulnerabilities could facilitate credential theft or unauthorized actions through manipulated web content.
Medium-severity stored XSS vulnerabilities were found in QuomodoSoft’s ElementsReady Addons for Elementor (CVE-2024-34374) and 10Web Form Builder Team’s Form Maker plugin (CVE-2024-34437). While less critical, they still pose significant risks if exploited.
Notably, thinkgem JeeSite versions up to 5.12.0 contain low-severity open redirect vulnerabilities (CVE-2025-7763 and CVE-2025-7785) in SiteController and SsoController modules. Publicly available exploits increase the urgency for patching these flaws.
These vulnerabilities are pressing because attackers frequently exploit XSS weaknesses to bypass security, deliver malware, or hijack sessions. The presence of public exploits, especially for JeeSite, raises the likelihood of active attacks. Organizations using these plugins or Google Fonts should verify their versions and apply security updates without delay.
Neglecting patches could lead to data breaches, website defacement, or unauthorized system access. The INCIBE bulletin stresses the importance of keeping software current and monitoring vendor advisories closely.
Security teams should prioritize remediation of the affected plugins and validate patch effectiveness through testing. Deploying web application firewalls (WAFs) can add a defensive layer against script injection attempts.
Administrators are advised to audit plugin usage, disable unnecessary components, and seek alternatives when updates are unavailable. Regular vulnerability scans and penetration tests remain vital to detect and mitigate risks promptly.
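The version check recommended above, as an added example that is not part of the bulletin or any vendor's tooling: it reads the output of `wp plugin list --format=json` and flags installs inside the affected ranges stated in this article, distinguishing "up to X" (X itself vulnerable) from "before X" (X is fixed). The plugin slugs and the sample plugin list are assumptions constructed for illustration; confirm real directory names under wp-content/plugins before relying on the result.

```python
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    cve: str
    slug: str        # ASSUMED plugin directory name (hypothetical, verify locally)
    bound: str       # boundary version quoted in the bulletin
    inclusive: bool  # True: "up to and including bound"; False: "before bound"

# Ranges as stated in the article; slugs are assumptions, not from the bulletin.
ADVISORIES = [
    Advisory("CVE-2024-27194", "fontific", "0.1.6", True),
    Advisory("CVE-2024-29129", "oxyextras", "1.4.4", True),
    Advisory("CVE-2024-29774", "wp-directory-kit", "1.2.9", False),
    Advisory("CVE-2024-32149", "blueglass-jobs", "2.7.5", False),
]

def parse_version(v: str) -> tuple:
    """Dotted version -> comparable tuple; '1.2' == '1.2.0', '9-beta' counts as 9."""
    nums = []
    for part in v.strip().split("."):
        digits = "".join(ch for ch in part if ch.isdigit())
        nums.append(int(digits) if digits else 0)
    while len(nums) < 4:          # pad so 1.2 and 1.2.0 compare equal
        nums.append(0)
    return tuple(nums)

def is_affected(installed: str, adv: Advisory) -> bool:
    v, b = parse_version(installed), parse_version(adv.bound)
    return v <= b if adv.inclusive else v < b

def triage(plugin_list_json: str) -> list:
    """Return (slug, installed_version, cve) for every plugin inside an affected range."""
    by_slug = {a.slug: a for a in ADVISORIES}
    hits = []
    for p in json.loads(plugin_list_json):
        adv = by_slug.get(p["name"])
        if adv and is_affected(p["version"], adv):
            hits.append((p["name"], p["version"], adv.cve))
    return hits

# Constructed sample in the shape of `wp plugin list --format=json`; not a real site.
SAMPLE = json.dumps([
    {"name": "fontific", "status": "active", "update": "none", "version": "0.1.6"},
    {"name": "oxyextras", "status": "active", "update": "none", "version": "1.4.5"},
    {"name": "wp-directory-kit", "status": "inactive", "update": "none", "version": "1.2.9"},
    {"name": "blueglass-jobs", "status": "active", "update": "none", "version": "2.7.4"},
])

if __name__ == "__main__":
    for slug, ver, cve in triage(SAMPLE):
        print(f"{slug} {ver}: affected by {cve}")
```

Inactive plugins are still reported, since an inactive but present plugin can usually be reactivated and should be updated or removed all the same.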
The recent updates to these vulnerabilities underscore the ongoing challenge of securing widely adopted web components. Maintaining vigilance and acting swiftly are crucial to minimizing exposure and safeguarding digital assets.
Source: INCIBE vulnerability bulletin, https://www.incibe.es/node/620508
Sources used for this article
incibe.es
