Vulnerabilities > CVE-2024-5489 - Missing Authorization vulnerability in Wbcomdesigns Custom Font Uploader

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

wbcomdesigns

CWE-862

NVD

Published: 2024-06-06

Updated: 2024-06-11

Summary

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete any custom font.

Vulnerable Configurations

Part	Description	Count
Application	Wbcomdesigns Wbcomdesigns Custom Font Uploader - Wbcomdesigns Custom Font Uploader 1.0.0 Wbcomdesigns Custom Font Uploader 1.0.1 Wbcomdesigns Custom Font Uploader 1.0.2 Wbcomdesigns Custom Font Uploader 1.0.3 Wbcomdesigns Custom Font Uploader 1.0.4 Wbcomdesigns Custom Font Uploader 1.1.0 Wbcomdesigns Custom Font Uploader 1.2.0 Wbcomdesigns Custom Font Uploader 2.0.0 Wbcomdesigns Custom Font Uploader 2.1.0 Wbcomdesigns Custom Font Uploader 2.2.0 Wbcomdesigns Custom Font Uploader 2.3.0 Wbcomdesigns Custom Font Uploader 2.3.1 Wbcomdesigns Custom Font Uploader 2.3.2 Wbcomdesigns Custom Font Uploader 2.3.3 Wbcomdesigns Custom Font Uploader 2.3.4 Wbcomdesigns Custom Font Uploader 2.3.5 Wbcomdesigns Custom Font Uploader 2.3.6	18

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References