CVE-2015-7683 Information

Description

Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.

Reference

http://packetstormsecurity.com/files/133930/WordPress-Font-7.5-Path-Traversal.html http://www.securityfocus.com/archive/1/536670/100/0/threaded https://wordpress.org/plugins/font/changelog/ https://wpvulndb.com/vulnerabilities/8214 Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.