ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Font Plugin <= 7.5.0 - Absolute Path Traversal

Product
Font
Description
This vulnerability allows the administrators to read arbitrary files via a full pathname in the "URL" parameter to AjaxProxy.php.
Solution
Update the plugin.
Classification
Type BYPASS
References
CVE Mitre
CVE
Name CVE-2015-7683
Versions
Affected In <= 7.5.0
Fixed In 7.5.1
Disclosure date
2015-10-02