Description
WordPress Plugin Font-official webfonts plugin of Fonts For Web is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Font-official webfonts plugin of Fonts For Web version 7.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 7.5.1 or latest
References
http://seclists.org/bugtraq/2015/Oct/65
https://packetstormsecurity.com/files/133930/WordPress-Font-7.5-Path-Traversal.html
Related Vulnerabilities
WordPress 5.0.x Prototype Pollution (5.0 - 5.0.15)
WordPress Plugin White Label CMS Cross-Site Request Forgery (1.5)
WordPress Plugin SL User Create Information Disclosure (0.2.4)
WordPress Cross-Site Scripting Vulnerability (3.9.3 - 4.2)
WordPress Plugin SecureMoz Security Audit PHP Object Injection (1.0.5)