
12 matches found

Patchstack
added 2026/01/20 6:21 a.m., 6 views

WordPress Custom Fonts - Host Your Fonts Locally plugin <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion vulnerability

WordPress Custom Fonts - Host Your Fonts Locally plugin <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion vulnerability discovered by type5afe in WordPress Plugin Custom Fonts – Host Your Fonts Locally versions <= 2.1.16...

CVSS 5.3, AI score 5.5, EPSS 0.00128
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2026/01/20 4:15 a.m., 2 views

CVE-2025-14351

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...

CVSS 5.3, EPSS 0.00128
Exploits: 0, References: 3

ATTACKERKB
added 2026/01/20 3:25 a.m., 3 views

CVE-2025-14351

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...

CVSS 5.3, AI score 5.4, EPSS 0.00128
Exploits: 0, References: 4

Vulnrichment
added 2026/01/20 3:25 a.m., 2 views

CVE-2025-14351 Custom Fonts – Host Your Fonts Locally <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...

CVSS 5.3, AI score 5.5, EPSS 0.00128
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-46699

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.5, EPSS 0.00131
Exploits: 0, References: 3

Vulnrichment
added 2025/03/22 6:41 a.m., 7 views

CVE-2024-13768 CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion

The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the citsassignfontstab function. This makes it possible fo...

CVSS 4.3, AI score 6.7, EPSS 0.00087
Exploits: 0, References: 2

Cvelist
added 2025/03/22 6:41 a.m., 9 views

CVE-2024-13768 CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion

The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the citsassignfontstab function. This makes it possible fo...

CVSS 4.3, EPSS 0.00087
Exploits: 0, References: 2

Patchstack
added 2025/03/21 9:0 p.m., 3 views

WordPress cits-support-svg-webp-media-upload plugin <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion vulnerability

Cross-Site Request Forgery to Font Assignment Deletion vulnerability discovered by luckybuddy in WordPress Plugin cits-support-svg-webp-media-upload versions <= 4.2...

CVSS 4.3, AI score 8.7, EPSS 0.00087
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2025/01/30 3:3 p.m., 3 views

WordPress Borderless plugin <= 1.5.9 - Missing Authorization to Icon Font Deletion vulnerability

Missing Authorization to Icon Font Deletion vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Borderless versions <= 1.5.9...

CVSS 4.3, AI score 7, EPSS 0.00066
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2025/01/30 2:15 p.m., 7 views

CVE-2024-11583

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'removezippedfont' function in all versions up to, and including, 1.5.9. This makes it possible for...

CVSS 4.3, EPSS 0.00066
Exploits: 0, References: 3

Patchstack
added 2024/06/06 12:38 p.m., 2 views

WordPress Wbcom Designs - Custom Font Uploader plugin <= 2.3.4 - Missing Authorization to Font Deletion vulnerability

WordPress Wbcom Designs - Custom Font Uploader plugin <= 2.3.4 - Missing Authorization to Font Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Custom Font Uploader versions <= 2.3.4...

CVSS 4.3, AI score 7, EPSS 0.00131
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2024/06/06 11:33 a.m., 12 views

CVE-2024-5489 Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3, AI score 6.5, EPSS 0.00131
Exploits: 0, References: 3