Description
WordPress Plugin Font-official webfonts plugin of Fonts For Web is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Font-official webfonts plugin of Fonts For Web version 7.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 7.5.1 or latest
References
http://seclists.org/bugtraq/2015/Oct/65
https://packetstormsecurity.com/files/133930/WordPress-Font-7.5-Path-Traversal.html
Related Vulnerabilities
WordPress Plugin WordPress-Amazon-Associate (WPAA) Cross-Site Scripting (2.0)
WordPress Plugin Clockwork SMS Notfications Cross-Site Scripting (2.0.3)
WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6472)
WordPress Plugin MAC PHOTO GALLERY 'upload-file.php' Arbitrary File Upload (2.7)