CVE-2024-5489

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2021-24977

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the...

WordPress Wbcom Designs - Custom Font Uploader plugin <= 2.3.4 - Missing Authorization to Font Deletion vulnerability

WordPress Wbcom Designs - Custom Font Uploader plugin = 2.3.4 - Missing Authorization to Font Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Custom Font Uploader versions = 2.3.4...

CVE-2024-5489

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2024-5489 Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2024-5489 Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2024-5489

The CVE-2024-5489 entry concerns Wbcoms Designs – Custom Font Uploader for WordPress. A missing capability check in the cfu_delete_customfont function affects all versions up to 2.3.4, enabling authenticated users with Subscriber-level access and above to delete any custom font, i.e., unauthorize...

WordPress Custom Font Uploader Plugin <= 2.3.4 is vulnerable to Broken Access Control

Software Custom Font Uploader Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.4.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5489 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ec1d5e78e0ec Credits Lucio Sá Required privile...

WordPress plugin Wbcom Designs - Custom Font Uploader security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Custom Font Uploader plugin <= 2.1.0 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability

Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary JJ Jay in WordPress Custom Font Uploader plugin versions = 2.1.0. Solution Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download. This closure is temporar...

WordPress Custom Font Uploader plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Custom Font Uploader plugin versions prior to 6.2.1,...

CVE-2021-24977 Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the...

CVE-2021-24977

The CVE relates to the WordPress plugin Use Any Font | Custom Font Uploader, versions prior to 6.2.1. The root cause is missing authorization checks when assigning a font, which allows unauthenticated users to append arbitrary CSS that the frontend processes for all users. In addition, insufficie...

PT-2022-9543 · WordPress · Use Any Font | Custom Font Uploader

Name of the Vulnerable Software and Affected Versions: Use Any Font | Custom Font Uploader WordPress plugin versions prior to 6.2.1 Description: The issue allows unauthenticated users to send arbitrary CSS, which will be processed by the frontend for all users. This is due to the lack of...

WordPress 安全漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Custom Font Uploader plugin versions prior to 6.2.1,...