CVE-2012-3814

Name of the Vulnerable Software and Affected Versions Font Uploader plugin version 1.2.4

Description The issue allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension to the font-upload.php file in the Font Uploader plugin, and then accessing it via a direct request to the file in font-uploader/fonts.

Recommendations For Font Uploader plugin version 1.2.4, consider removing or restricting access to the font-upload.php file until a patch is available, and avoid using the file upload functionality in the plugin to minimize the risk of exploitation.