Fontiran by Cadus Pro

Fontiran by Cadus Pro <= 2.1 - Subscriber+ Arbitrary Font Deletion

LANACOMMONVDB ID: bf99bdc2-bf20-4edd-9aa9-e7081ce078c5

The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check when deleting a font, which could allow any authenticated users, such as subscriber to delete arbitrary font.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/fontiran/

CVE: CVE-2023-25791

Attributes

Catgory: WordPress Plugin

Discovered: 2023-01-09

Published: 2023-02-15

Affected Version: <= 2.1

Classification

Type: Cross-Site Request Forgery (CSRF), Missing Authorization

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).