Description
Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/8214
Exploit x_refsource_misc
http://packetstormsecurity.com/files/133930/WordPress-Font-7.5-Path-Traversal.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536670/100/0/threaded
Patch x_refsource_confirm
https://wordpress.org/plugins/font/changelog/
Scores
EPSS
0.0500
EPSS Percentile
91.2%
Details
CWE
CWE-22
Status
published
Products (1)
font_project/font
< 7.5
Published
Oct 16, 2015
Tracked Since
Feb 18, 2026