Ffw

ffw

3 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Optimize My Google Fonts

optimize_my_google_fonts

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-25021 1Ffw 1Optimize My Google Fonts Jun 17, 2026 Jan 3, 2022 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 The OMGF \| Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalli...Show more The OMGF \| Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the pluginShow less
CVE-2021-24639 1Ffw 1Omgf Jun 17, 2026 Sep 20, 2021 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on...Show more The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server.Show less
CVE-2021-24638 1Ffw 1Omgf Jun 17, 2026 Sep 20, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS...Show more The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website.Show less