CVE-2023-6600

Name of the Vulnerable Software and Affected Versions OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress versions up to, and including, 5.7.9

Description The issue is related to a missing capability check on the update settings() function, which is hooked via admin init. This allows unauthenticated attackers to update the plugin's settings, potentially leading to Stored Cross-Site Scripting and deletion of entire directories. It is estimated that over 300,000 sites are at risk, with the majority located in Germany and the United States.

Recommendations For OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress versions up to, and including, 5.7.9, update to version 5.7.10, which is considered to be the most sufficiently patched. As a temporary workaround, consider disabling the update settings() function until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation.