Unrated severityNVD Advisory· Published Sep 20, 2021· Updated Aug 3, 2024
OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API
CVE-2021-24638
Description
The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/OMGF plugindescription
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/c783a746-f1fe-4d68-9d0a-477de5dbb35cmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.