Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API
Vulnerability Description
The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
WordPress 插件路径遍历漏洞
Vulnerability Description
WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress 插件是WordPress开源的一个应用插件。 OMGF WordPress插件存在路径遍历漏洞,该漏洞源于没有对REST API的句柄参数进行转义或验证,这使得未经身份验证的用户可以执行路径遍历,使用谷歌Fonts CSS覆盖任意的CSS文件,或者下载谷歌Fonts网站上上传的字体。
CVSS Information
N/A
Vulnerability Type
N/A