7 matches found

RedhatCVE
added 2025/05/23 2:7 a.m. | 5 views

CVE-2023-6600

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings function hooked via admin_init in all versions up to, and including, 5.7.9. Th...

CVSS 8.6 | AI score 6 | EPSS 0.00183
Exploits 0 | References 1

Prion
added 2024/01/03 6:15 a.m. | 11 views

Cross site scripting

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings function hooked via admin_init in all versions up to, and including, 5.7.9. Th...

CVSS 4.9 | AI score 6.2 | EPSS 0.00183
Exploits 0 | References 4 | Affected Software 1

WPVulnDB
added 2024/01/03 12:0 a.m. | 19 views

OMGF < 5.7.10 - Unauthenticated Directory Deletion & Stored XSS

Description: The plugin is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings function hooked via admin_init. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used t...

CVSS 8.6 | AI score 6 | EPSS 0.00183
Exploits 0 | References 1 | Affected Software 1

NVD
added 2022/01/03 1:15 p.m. | 10 views

CVE-2021-25021

The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...

CVSS 4.9 | EPSS 0.00425
Exploits 2 | References 1

Prion
added 2022/01/03 1:15 p.m. | 7 views

Path traversal

The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...

CVSS 4 | AI score 5.1 | EPSS 0.00425
Exploits 2 | References 1 | Affected Software 1

WPVulnDB
added 2021/12/01 12:0 a.m. | 18 views

OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal

The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin.
PoC: As admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the...

CVSS 4.9 | AI score 4.2 | EPSS 0.00425
Exploits 2 | Affected Software 1

NVD
added 2021/09/20 10:15 a.m. | 10 views

CVE-2021-24639

The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server...

CVSS 8.1 | EPSS 0.00404
Exploits 2 | References 1