WordPress is a set of blogging platform developed using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.A path traversal vulnerability exists in the WordPress plugin CAOS|Host Google Fonts Locally. The vulnerability stems from the program not validating the cache directory settings. An attacker could use the path traversal vector and delete arbitrary folders when uninstalling the plugin.