28 matches found
CVE-2023-6600
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including, 5.7.9. Th...
CVE-2021-24639
The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server...
Cross site scripting
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including, 5.7.9. Th...
CVE-2023-6600
CVE-2023-6600 affects the OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. WordPress plugin (versions up to 5.7.9). The vulnerability stems from a missing capability check in update_settings() hooked via admin_init, enabling unauthenticated modification of the plugin’s settings, which can ...
WordPress Plugin OMGF Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress OMGF | Host Google Fonts Locally Plugin <= 5.7.9 is vulnerable to Broken Access Control
Software OMGF | Host Google Fonts Locally Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.7.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6600 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID f1d5094ff494 Credits Lucio Sá...
OMGF < 5.7.10 - Unauthenticated Directory Deletion & Stored XSS
Description The plugin is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used t...
VulnCheck KEV: CVE-2023-6600
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including,...
CVE-2021-25021
The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...
Path traversal
The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...
CVE-2021-25021 OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal
The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...
CVE-2021-25021
The vulnerability CVE-2021-25021 affects the WordPress plugin OMGF | Host Google Fonts Locally (versions before 4.5.12). The root cause is unvalidated cache directory settings allowing path traversal by high-privilege users, enabling deletion of arbitrary folders during uninstall. Impacts include...
OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal
The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin As admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the "Remo...
OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal
The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin PoC As admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the...
WordPress OMGF | Host Google Fonts Locally plugin <= 4.5.11 - Arbitrary Folder Deletion via Path Traversal vulnerability
Arbitrary Folder Deletion via Path Traversal vulnerability discovered by José Aguilera in WordPress OMGF | Host Google Fonts Locally plugin versions = 4.5.11. Solution Update the WordPress OMGF | Host Google Fonts Locally plugin to the latest available version at least 4.5.12...
CVE-2021-24638
The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website...
CVE-2021-24638
The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website...
CVE-2021-24639
The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server...
CVE-2021-24639
The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server...
Path traversal
The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website...