WordPress Plugin Vulnerabilities

Embed Google Fonts <= 3.1.0 - Missing Authorization

Description

The Embed Google Fonts plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
embed-google-fonts
No known fix

References

CVE
CVE-2024-33925
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/ec6ea6e7-9c43-4b58-a1df-947a3aa7cd54

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
62e71e19-887d-490c-ae88-e3bfab04d3b1

Timeline

Publicly Published
2024-04-29 (about 2 years ago)
Added
2024-05-07 (about 2 years ago)
Last Updated
2024-05-07 (about 2 years ago)

Other

Published
Title
Published
2026-06-15
Title
Abandoned Contact Form 7 <= 2.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion via 'recover_id' Parameter
Published
2026-03-20
Title
Miraculous - Multi Vendor Online Music Store Elementor WordPress Theme < 2.1.2 - Missing Authorization
Published
2024-12-11
Title
Falcon – WordPress Optimizations & Tweaks < 2.8.4 - Missing Authorization
Published
2026-03-04
Title
Easy Post Submission – Frontend Posting, Guest Publishing & Submit Content for WordPress < 2.5.0 - Missing Authorization
Published
2026-02-17
Title
Panda Pods Repeater Field < 1.5.13 - Missing Authorization