Fontiran by Cadus Pro <= 2.1 - Subscriber+ Arbitrary Font Deletion
LANACOMMONVDB ID: bf99bdc2-bf20-4edd-9aa9-e7081ce078c5
The plugin does not perform authorisation or Cross-Site Request Forgery (CSRF) checks when deleting a font, which could allow any authenticated user, such as a subscriber, to delete arbitrary fonts.