4.3
CVE-2024-5489
- EPSS 0.45%
- Veröffentlicht 06.06.2024 12:15:09
- Zuletzt bearbeitet 08.04.2026 17:19:04
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginWbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion
Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion
The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete any custom font.
Mögliche Gegenmaßnahme
Wbcom Designs – Custom Font Uploader: Update to version 2.4.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wbcomdesigns ≫ Custom Font Uploader SwPlatformwordpress Version < 2.4.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Wbcom Designs – Custom Font Uploader
Version
*-2.3.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.359 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://plugins.trac.wordpress.org/browser/custom-font-uploader/trunk/inc/cfup-functions.php#L20
https://plugins.trac.wordpress.org/changeset/3097373/
https://www.wordfence.com/threat-intel/vulnerabilities/id/2339ebbf-2302-4e83-9743-ca79fda20f05?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/2339ebbf-2302-4e83-9743-ca79fda20f05