4 matches found
CVE-2026-3535 DSGVO Google Web Fonts GDPR <= 1.1 - Unauthenticated Arbitrary File Upload via 'fonturl' Parameter
The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the DSGVOGWPdownloadGoogleFonts function in all versions up to, and including, 1.1. The function is exposed via a wp_ajax_nopriv hook, requiring no authentication. It...
CVE-2024-31386
Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet...
CVE-2023-2813
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
@agileana/agileana-theme (>=0.0.1 <=0.0.3), @ajberkow/gatsby-theme-ucomm (>=0.0.1 <=0.0.8) +14 more potentially affected by CVE-2021-32770 via gatsby-source-wordpress (>=2.0.93 <=3.11.0)
gatsby-source-wordpress NPM version =2.0.93, =0.0.1, =0.0.1, =1.0.0, =1.3.1-alpha, =1.0.0, =1.0.0, =1.0.11, =1.0.26, =1.0.40, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.0.1, =0.0.4 and more Source cves: CVE-2021-32770 Source advisory: OSV:GHSA-RQJW-P5VR-C695...