4 matches found
CVE-2024-13768
The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the citsassignfontstab function. This makes it possible fo...
CVE-2024-13768
creationtimestamp| type| source ---|---|--- 2025-03-22 07:38:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lkx7uyjlgv2j 2025-03-22 10:22:33+00:00| seen| https://t.me/cvedetector/20863...
CVE-2024-13768
The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the citsassignfontstab function. This makes it possible fo...
CVE-2024-13768
CVE-2024-13768 affects the WordPress plugin “CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts” (versions ≤ 4.2). Root cause: missing/incorrect nonce validation in cits_assign_fonts_tab(), enabling Cross-Site Forgery. Impact: unauthenticated attackers can delete font assignme...