VYPR
Unrated severityNVD Advisory· Published Sep 20, 2021· Updated Aug 3, 2024

OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API

CVE-2021-24638

Description

The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • WordPress/OMGF plugindescription
  • Daan/Omgfllm-fuzzy
    Range: <4.5.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.