CVE-2024-5489
The CVE-2024-5489 entry concerns Wbcoms Designs – Custom Font Uploader for WordPress. A missing capability check in the cfu_delete_customfont function affects all versions up to 2.3.4, enabling authenticated users with Subscriber-level access and above to delete any custom font, i.e., unauthorize...