The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-09-20T10:06:43
Updated: 2024-08-03T19:35:20.317Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24638
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-09-20T10:15:09.443
Modified: 2021-10-01T20:35:54.577
Link: CVE-2021-24638
Redhat
No data.