Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ffw Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-24639 1 Ffw 1 Omgf 2022-12-20 5.5 MEDIUM 8.1 HIGH
The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server.
CVE-2021-25021 1 Ffw 1 Optimize My Google Fonts 2022-01-11 4.0 MEDIUM 4.9 MEDIUM
The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin
CVE-2021-25020 1 Ffw 1 Complete Analytics Optimization Suite 2022-01-11 4.0 MEDIUM 4.9 MEDIUM
The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin
CVE-2021-24638 1 Ffw 1 Omgf 2021-10-01 6.4 MEDIUM 9.1 CRITICAL
The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website.