Pippin Williamson : Security Vulnerabilities, CVEs,
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.
Max CVSS
7.5
EPSS Score
1.31%
Published
2012-06-27
Updated
2012-06-28
1 vulnerabilities found