5 matches found
CVE-2015-7683
Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php...
CVE-2015-7683
Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php...
CVE-2015-7683
CVE-2015-7683 concerns the Font WordPress plugin (version 7.5) with an absolute path traversal vulnerability. The flaw arises from an unsanitized POST parameter named url being passed to file_get_contents via AjaxProxy.php, allowing authenticated WordPress admins to read arbitrary files (e.g., /e...
WordPress Font 7.5 Path Traversal
Details ================ Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 Pending CVSS: 6.3 Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N CWE: CWE-22 Description ================ An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read...
WordPress Font Plugin <= 7.5.0 - Absolute Path Traversal
This vulnerability allows the administrators to read arbitrary files via a full pathname in the "URL" parameter to AjaxProxy.php. Solution Update the plugin...