Description
WordPress Plugin Font-official webfonts plugin of Fonts For Web is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Font-official webfonts plugin of Fonts For Web version 7.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 7.5.1 or latest
References
http://seclists.org/bugtraq/2015/Oct/65
https://packetstormsecurity.com/files/133930/WordPress-Font-7.5-Path-Traversal.html
Related Vulnerabilities
WordPress Plugin Newsletter by Supsystic Cross-Site Scripting (1.1.7)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-27912)
MySQL CVE-2019-2974 Vulnerability (CVE-2019-2974)
WordPress Plugin Registrations for the Events Calendar-Event Registration SQL Injection (2.7.5)