NotCVE - vendor:"Wbcomdesigns" product:"Custom Font Uploader"

1 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-5489 – Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion

https://notcve.org/view.php?id=CVE-2024-5489

05 Jun 2024 — The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete any custom font. El complemento Wbcom Designs – Custom Font Uploader para WordPress es vulnerable a la pérdida no autorizada de datos debido a una falta de verificación de capacidad en l... • https://plugins.trac.wordpress.org/browser/custom-font-uploader/trunk/inc/cfup-functions.php#L20 • CWE-862: Missing Authorization •