WordPress Plugin Vulnerabilities

Font <= 7.5 - Authenticated Path Traversal

Description

The Font – official webfonts plugin of Fonts For Web. NO CODING! Just click & change font size, color and font face visually! WordPress plugin was affected by an Authenticated Path Traversal security vulnerability.

Affects Plugins

Plugin icon
font
Fixed in 7.5.1

References

CVE
CVE-2015-7683
URL
https://packetstormsecurity.com/files/#133930/

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
27bddc74-87b8-458c-a040-e956e75ec536

Timeline

Publicly Published
2015-10-12 (about 10 years ago)
Added
2015-10-12 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2015-03-03
Title
Authentic Theme - Arbitrary File Download
Published
2024-10-21
Title
3D Work In Progress <= 1.0.3 - Authenticated (Subscriber+) Arbitrary File Deletion
Published
2014-08-01
Title
PictPress <= 0.91 - Remote File Disclosure
Published
2025-04-23
Title
Database Toolset <= 1.8.4 - Unauthenticated Arbitrary File Deletion
Published
2025-09-25
Title
Backuply < 1.4.9 - Admin+ Arbitrary File Deletion