Description

WordPress Plugin OMGF-Host Google Fonts Locally is prone to multiple vulnerabilities, including directory traversal and security bypass vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information that could aid in further attacks, or to perform otherwise restricted actions and subsequently delete arbitrary files/folders. WordPress Plugin OMGF-Host Google Fonts Locally version 4.5.3 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 4.5.4 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:C783A746-F1FE-4D68-9D0A-477DE5DBB35C

https://sploitus.com/exploit?id=WPEX-ID:1ADA2A96-32AA-4E37-809C-705DB6026E0B

https://plugins.svn.wordpress.org/host-webfonts-local/trunk/readme.txt

Related Vulnerabilities

WordPress Improper Input Validation Vulnerability (CVE-2016-9263)

WordPress Plugin Highlight Search Terms Cross-Site Scripting (1.3)

WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3)

Oracle HTTP Server CVE-2019-2414 Vulnerability (CVE-2019-2414)

WordPress Plugin DM Albums File Dislosure (1.9.2)

Severity

High

Classification

CVE-2021-24638 CVE-2021-24639 CWE-22 CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update