CVE-2026-20989

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font...

CVE-2026-20989

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font...

CVE-2026-20989

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font...

CVE-2026-20989

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font...

PT-2026-25594

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to SMR Mar-2026 Release 1 Description A flaw exists in the verification of cryptographic signatures within Font Settings. This issue allows a physical attacker to utilize custom fonts. The vulnerability impacts...

EUVD-2025-198511

The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.0.1. This is due to missing nonce validation and missing file type validation in the '/custom-font-code/custom-fonts-uploads.php' file. This makes it possib...

EUVD-2024-46699

Malicious code in bioql PyPI...

CVE-2024-5489

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2021-24977

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the...

WordPress Wbcom Designs - Custom Font Uploader plugin <= 2.3.4 - Missing Authorization to Font Deletion vulnerability

WordPress Wbcom Designs - Custom Font Uploader plugin = 2.3.4 - Missing Authorization to Font Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Custom Font Uploader versions = 2.3.4...

CVE-2024-5489

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2024-5489 Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2024-5489 Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2024-5489

The CVE-2024-5489 entry concerns Wbcoms Designs – Custom Font Uploader for WordPress. A missing capability check in the cfu_delete_customfont function affects all versions up to 2.3.4, enabling authenticated users with Subscriber-level access and above to delete any custom font, i.e., unauthorize...

WordPress Custom Font Uploader Plugin <= 2.3.4 is vulnerable to Broken Access Control

Software Custom Font Uploader Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.4.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5489 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ec1d5e78e0ec Credits Lucio Sá Required privile...

WordPress plugin Wbcom Designs - Custom Font Uploader security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Automatic Translator with Google Translate plugin <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom Font vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Custom Font vulnerability discovered by emad in WordPress Plugin Automatic Translator with Auto Translate versions = 1.5.4...

WordPress Custom Font Uploader plugin <= 2.1.0 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability

Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary JJ Jay in WordPress Custom Font Uploader plugin versions = 2.1.0. Solution Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download. This closure is temporar...

WordPress Custom Font Uploader plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Custom Font Uploader plugin versions prior to 6.2.1,...

CVE-2021-24977 Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the...