CVE-2023-6600

HIGH EXPLOITED

OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. <5.7.9 - XSS


Exploitation Summary

CVE-2023-6600 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings, which can be used to inject Cross-Site Scripting payloads and delete entire directories. Please note that there were several attempted patches; we consider 5.7.10 to be the most sufficiently patched version.
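The weakness class named above (a settings handler hooked via admin_init with no capability check) shown on a hypothetical plugin handler next to its hardened form. This is an added illustration, not the OMGF plugin's own code; the option name, field names and function names are assumptions.

```php
<?php
// Added illustration, not the OMGF plugin's code. Option/field/function names are hypothetical.
// admin_init fires on every admin-side request, including admin-ajax.php and admin-post.php,
// which unauthenticated visitors can reach, so a handler hooked there must authorize itself.

// Vulnerable pattern (CWE-862): the handler trusts the request and writes settings for anyone.
function example_update_settings_vulnerable() {
    if ( ! isset( $_POST['example_settings'] ) ) {
        return;
    }
    // No capability check and no nonce: any visitor who reaches admin_init can overwrite
    // these options, and whatever they contain is later rendered on admin pages (CWE-79).
    update_option( 'example_settings', wp_unslash( $_POST['example_settings'] ) );
}
// add_action( 'admin_init', 'example_update_settings_vulnerable' );  // the vulnerable wiring

// Hardened pattern: authorize, verify intent, then sanitize before storing.
function example_update_settings_hardened() {
    if ( ! isset( $_POST['example_settings'] ) ) {
        return;
    }
    // 1. Capability check: only users allowed to manage options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // 2. Nonce check: the request must come from the plugin's own settings form (blocks CSRF).
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // 3. Sanitize each field individually and ignore unknown keys, so stored values cannot
    //    carry markup into the admin pages that render them or paths into filesystem calls.
    $raw   = (array) wp_unslash( $_POST['example_settings'] );
    $clean = array(
        'cache_dir' => sanitize_text_field( $raw['cache_dir'] ?? '' ),
        'preload'   => ! empty( $raw['preload'] ) ? 1 : 0,
    );
    update_option( 'example_settings', $clean );
}
add_action( 'admin_init', 'example_update_settings_hardened' );

// Escape on output as well; sanitizing on input is not a substitute for it.
function example_render_cache_dir_field() {
    $settings = get_option( 'example_settings', array() );
    echo '<input type="text" name="example_settings[cache_dir]" value="'
        . esc_attr( $settings['cache_dir'] ?? '' ) . '">';
}
```

The nonce field paired with check_admin_referer() is emitted in the settings form with wp_nonce_field( 'example_save_settings', 'example_nonce' ).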

Scores

CVSS v3 8.6
EPSS 0.0048
EPSS Percentile 37.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2024-01-02
CWE
CWE-79 CWE-862
Status published
Products (2)
daan/omgf < 5.7.10
daanvandenbergh/OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. < 5.7.9
Published Jan 03, 2024
Tracked Since Feb 18, 2026