WordPress Plugin Vulnerabilities

OMGF < 5.7.10 - Unauthenticated Directory Deletion & Stored XSS

Description

The plugin is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories.

Affects Plugins

Plugin icon
host-webfonts-local
Fixed in 5.7.10

References

CVE
CVE-2023-6600
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/4e835b97-c066-4e8f-b99f-1a930105af0c

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.6 (high)

Miscellaneous

Original Researcher
Lucio Sá
Verified
No
WPVDB ID
b6e40bce-4769-41ec-9e86-64b5bfd6b171

Timeline

Publicly Published
2024-01-02 (about 2 years ago)
Added
2024-01-03 (about 2 years ago)
Last Updated
2024-01-03 (about 2 years ago)

Other

Published
Title
Published
2024-12-11
Title
Awesome Support < 6.3.2 - Missing Authorization
Published
2025-11-24
Title
Refund Request for WooCommerce <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status Update
Published
2025-05-07
Title
Eventin < 4.0.27 - Missing Authorization to Unauthenticated Privilege Escalation
Published
2025-05-09
Title
SMS Alert Order Notifications – WooCommerce < 3.8.2 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function
Published
2024-12-11
Title
WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses < 3.2.22 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update