WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal

Description

The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin

Proof of Concept

As admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the "Remove settings at Uninstall" setting and uninstall the plugin to delete the wp-includes folder

Affects Plugins

host-webfonts-local
Fixed in version 4.5.12

References

CVE
CVE-2021-25021

Classification

Type

TRAVERSAL

OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Original Researcher

José Aguilera

Submitter

José Aguilera

Submitter website
https://jsgm.dev
Verified

Yes

WPVDB ID
92db763c-ca6b-43cf-87ff-c1678cf4ade5

Timeline

Publicly Published

2021-12-01 (about 9 months ago)

Added

2021-12-01 (about 9 months ago)

Last Updated

2022-04-09 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin