Description
WordPress Plugin VendorFuel is prone to a local file overwrite vulnerability. Attackers can possibly exploit this issue to rewrite the contents of a .css file. This can be coupled with other existing vulnerabilities to affect the vulnerable application in various ways. WordPress Plugin VendorFuel version 1.3.1 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
Related Vulnerabilities
WordPress Plugin Easy Forms for Mailchimp Unspecified Vulnerability (6.6.2)
Moodle Files or Directories Accessible to External Parties Vulnerability (CVE-2025-26525)
WordPress Plugin Global Flash Galleries Cross-Site Scripting (0.13.4)
osTicket Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-24881)