30 matches found
EUVD-2012-3761
Malware in sbrugna...
CVE-2024-5489
The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2021-24977
The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the...
CVE-2012-3814
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts...
WordPress Wbcom Designs - Custom Font Uploader plugin <= 2.3.4 - Missing Authorization to Font Deletion vulnerability
WordPress Wbcom Designs - Custom Font Uploader plugin <= 2.3.4 - Missing Authorization to Font Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Custom Font Uploader versions <= 2.3.4...
CVE-2024-5489
The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-5489 Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion
The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-5489 Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion
The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-5489
The CVE-2024-5489 entry concerns Wbcom Designs – Custom Font Uploader for WordPress. A missing capability check in the cfu_delete_customfont function affects all versions up to 2.3.4, enabling authenticated users with Subscriber-level access and above to delete any custom font, i.e., unauthorize...
WordPress Custom Font Uploader Plugin <= 2.3.4 is vulnerable to Broken Access Control
Software: Custom Font Uploader; Type: Plugin; Vulnerable versions: <= 2.3.4; Fixed in: 2.4.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5489; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: ec1d5e78e0ec; Credits: Lucio Sá; Required privile...
WordPress plugin Wbcom Designs - Custom Font Uploader security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Wbcom Designs - Custom Font Uploader < 2.4.0 - Missing Authorization to Font Deletion
Description: The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with...
WordPress Custom Font Uploader plugin <= 2.1.0 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability
Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary JJ Jay in WordPress Custom Font Uploader plugin versions <= 2.1.0. Solution: Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download. This closure is temporar...
WordPress Custom Font Uploader plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Custom Font Uploader plugin versions prior to 6.2.1,...
CVE-2021-24977 Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending
The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the...
CVE-2021-24977
The CVE relates to the WordPress plugin Use Any Font | Custom Font Uploader, versions prior to 6.2.1. The root cause is missing authorization checks when assigning a font, which allows unauthenticated users to append arbitrary CSS that the frontend processes for all users. In addition, insufficie...
PT-2022-9543 · WordPress · Use Any Font | Custom Font Uploader
Name of the Vulnerable Software and Affected Versions: Use Any Font | Custom Font Uploader WordPress plugin versions prior to 6.2.1 Description: The issue allows unauthenticated users to send arbitrary CSS, which will be processed by the frontend for all users. This is due to the lack of...
WordPress security vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Custom Font Uploader plugin versions prior to 6.2.1,...
Wordpress Top Quark Architecture Arbitrary File Upload Code Execution (CVE-2012-3814)
A code execution vulnerability has been reported in Pippin Williamson Font Uploader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Font Uploader 1.2.4 - Arbitrary File Upload
The font-uploader WordPress plugin was affected by an Arbitrary File Upload security vulnerability...