CVE-2024-13768
CVE-2024-13768 affects the WordPress plugin “CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts” (versions ≤ 4.2). Root cause: missing/incorrect nonce validation in cits_assign_fonts_tab(), enabling Cross-Site Forgery. Impact: unauthenticated attackers can delete font assignme...