Description

WordPress Plugin OMGF-Host Google Fonts Locally is prone to multiple vulnerabilities, including directory traversal and security bypass vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information that could aid in further attacks, or to perform otherwise restricted actions and subsequently delete arbitrary files/folders. WordPress Plugin OMGF-Host Google Fonts Locally version 4.5.3 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 4.5.4 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:C783A746-F1FE-4D68-9D0A-477DE5DBB35C

https://sploitus.com/exploit?id=WPEX-ID:1ADA2A96-32AA-4E37-809C-705DB6026E0B

https://plugins.svn.wordpress.org/host-webfonts-local/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Fast Secure Contact Form Cross-Site Scripting (4.0.37)

WordPress Plugin Testimonial-Best Testimonial Slider Cross-Site Scripting (2.1.6)

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-7238)

WordPress 4.6.x Prototype Pollution (4.6 - 4.6.22)

WordPress Plugin Stripe Payments Cross-Site Scripting (2.0.39)

Severity

High

Classification

CVE-2021-24638 CVE-2021-24639 CWE-22 CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update