2 matches found
CVE-2024-13418
Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that c...
PT-2025-18752 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress affected versions not specified Description: The issue is related to a missing capability check on the ajaxUploadFonts function in various WordPress plugins and themes, allowing authenticated attackers with Subscriber-level access a...