CVE-2024-47305 in Use Any Font Plugin
Summary
by MITRE • 09/25/2024
Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font use-any-font allows Cross Site Request Forgery. This issue affects Use Any Font: from n/a through <= 6.3.08.
Analysis
by VulDB Data Team • 04/02/2026
This cross-site request forgery vulnerability exists within the Dnesscarkey Use Any Font plugin for WordPress, affecting versions from the initial release through version 6.3.08. The vulnerability stems from the plugin's failure to implement proper anti-CSRF measures when processing administrative actions. Attackers can exploit this weakness by crafting malicious web pages or email attachments that, when opened by an authenticated administrator, cause the administrator's browser to submit unauthorized requests to the vulnerable plugin's endpoints. The flaw is a classic CSRF attack vector: the attacker leverages the administrator's existing session to perform actions without their knowledge or consent. This vulnerability directly maps to CWE-352, which defines Cross-Site Request Forgery as a weakness where web applications fail to validate that requests originate from legitimate sources. The ATT&CK framework categorizes this as a privilege escalation technique under T1548.001, covering the exploitation of trusted relationships to gain administrative access.
The technical implementation flaw lies in the plugin's lack of anti-CSRF tokens or similar validation mechanisms within its administrative forms and API endpoints. When administrators perform actions such as modifying font settings, uploading font files, or adjusting plugin configurations, the requests lack proper origin verification or token validation. This absence allows attackers to construct malicious requests that appear legitimate to the server because they are sent from the victim's browser within their authenticated session. The vulnerability is particularly concerning because it operates at the administrative level, potentially enabling attackers to modify critical plugin settings, upload malicious files, or even establish persistent backdoors through the font management functionality. The attack surface is expanded by the fact that the plugin's font handling capabilities could be abused to upload files with malicious code, making this a multi-vector vulnerability that combines CSRF with potential file upload exploits.
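The missing control described above is the WordPress nonce plus capability check on every state-changing admin request. The following is an added example written for this page, not code from the Use Any Font plugin: it shows a hypothetical settings handler in the unprotected form the paragraph describes, followed by the same handler hardened the way a plugin author should write it. The action name `example_font_settings`, the option `example_font_family` and the nonce field name are invented; the WordPress functions (`wp_nonce_field`, `check_admin_referer`, `current_user_can`, `admin_post_*` hooks) are real core APIs.

```php
<?php
/*
 * Added example, not code from the Use Any Font plugin. It contrasts a
 * hypothetical admin-post handler with no request validation (the pattern
 * CWE-352 describes) against the same handler hardened with a WordPress
 * nonce and a capability check. Action, option and field names are made up.
 */

// --- Vulnerable pattern: trusts any POST that arrives in an admin session ---
add_action( 'admin_post_example_font_settings_unsafe', function () {
    // No nonce and no capability check: a POST forged by another site and
    // submitted by a logged-in administrator's browser is processed like a
    // legitimate one, because the session cookie is attached automatically.
    update_option( 'example_font_family', sanitize_text_field( wp_unslash( $_POST['font_family'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-fonts' ) );
    exit;
} );

// --- Hardened pattern: the form emits a nonce, the handler verifies it ---
function example_font_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_font_settings">
        <?php
        // Nonce tied to this action and to the current user's session; a page
        // on another origin cannot read or guess it.
        wp_nonce_field( 'example_font_settings', '_example_nonce' );
        ?>
        <input type="text" name="font_family"
               value="<?php echo esc_attr( get_option( 'example_font_family', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

add_action( 'admin_post_example_font_settings', function () {
    // 1. Authorisation: only users allowed to manage options get this far.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.', 403 );
    }

    // 2. Request provenance: verify the nonce for this exact action.
    //    check_admin_referer() calls wp_die() itself when the nonce is
    //    missing, expired or issued for a different action/user.
    check_admin_referer( 'example_font_settings', '_example_nonce' );

    // 3. Only now touch state, and still sanitise the input.
    update_option( 'example_font_family', sanitize_text_field( wp_unslash( $_POST['font_family'] ?? '' ) ) );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=example-fonts' ) ) );
    exit;
} );
```

The same two checks apply to AJAX and REST-style endpoints: `check_ajax_referer( $action, $field )` plays the role of `check_admin_referer()` for `wp_ajax_*` handlers, and a font-upload handler additionally needs a strict MIME/extension allowlist on top of the nonce, since the nonce only proves who sent the request, not that the file is safe.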
The operational impact of this vulnerability extends beyond simple unauthorized actions, as it provides attackers with potential pathways to achieve broader system compromise. An attacker who successfully exploits this CSRF vulnerability could modify the plugin's configuration to redirect users to malicious sites, inject malicious code into font files, or alter the plugin's behavior to facilitate further attacks. The vulnerability's persistence across multiple versions indicates a fundamental design flaw in the plugin's security implementation that was not adequately addressed in the affected releases. This creates a significant risk for WordPress installations using the plugin, particularly those with high-privilege administrators who frequently access the admin dashboard. Organizations may experience unauthorized modifications to their website's appearance and functionality, potential data exfiltration through malicious font files, or even complete takeover of the affected WordPress installations if combined with other vulnerabilities. The impact is amplified by the fact that many WordPress administrators may not be aware of the plugin's existence or its security implications, making them more susceptible to exploitation.
Mitigation strategies should begin with immediate patching to version 6.3.09 or later, which should contain the necessary CSRF protection mechanisms. Administrators should also implement additional security measures including regular security audits of installed plugins, monitoring for unauthorized administrative actions, and ensuring that only trusted users have administrative privileges. The implementation of Content Security Policy headers and proper session management can help reduce the attack surface, while network-level monitoring should be employed to detect suspicious requests to the plugin's endpoints. Organizations should also consider implementing Web Application Firewall rules to block known malicious patterns and establish a robust incident response plan for detecting and responding to potential CSRF exploitation attempts. Security teams should conduct comprehensive vulnerability assessments of their WordPress installations to identify other plugins or components that may share similar CSRF vulnerabilities. The remediation process should include validating that all administrative actions now require proper CSRF tokens and that the plugin's authentication mechanisms are properly validated before processing any sensitive operations.
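For the monitoring and defence-in-depth measures recommended above, the following added example (not part of the plugin or of this advisory) is a small must-use plugin that classifies every POST to `admin-post.php` or `admin-ajax.php` by its `Sec-Fetch-Site`, `Origin` and `Referer` headers, writes a log line for anything that is not demonstrably same-site, and rejects requests that are definitely cross-site. It sits in front of the nonce checks a plugin should already perform and produces the log lines a SIEM rule can key on. The function and log-prefix names are hypothetical; the classification function is pure so it can be exercised without a WordPress runtime.

```php
<?php
/*
 * Added example (hypothetical mu-plugin, not code from Use Any Font):
 * classify state-changing admin requests by their provenance headers,
 * log the suspicious ones and block the definitely cross-site ones.
 */

/**
 * Return 'same-site', 'cross-site' or 'unknown' for a set of request headers.
 * Pure function: no WordPress dependencies, so it can be unit-tested offline.
 */
function example_classify_origin( array $headers, string $site_host ): string {
    $h = array_change_key_case( $headers, CASE_LOWER );

    // Modern browsers send Sec-Fetch-Site on every request; trust it when present.
    if ( isset( $h['sec-fetch-site'] ) ) {
        switch ( strtolower( $h['sec-fetch-site'] ) ) {
            case 'same-origin':
            case 'same-site':
                return 'same-site';
            case 'cross-site':
                return 'cross-site';
            default: // 'none' (user-typed navigation) or an unexpected value
                return 'unknown';
        }
    }

    // Fall back to the Origin host (always sent by browsers on cross-origin
    // POSTs), then to the Referer host.
    foreach ( [ 'origin', 'referer' ] as $name ) {
        if ( ! empty( $h[ $name ] ) ) {
            $host = parse_url( $h[ $name ], PHP_URL_HOST );
            if ( ! is_string( $host ) ) {
                return 'cross-site'; // unparsable value: treat as foreign
            }
            return strcasecmp( $host, $site_host ) === 0 ? 'same-site' : 'cross-site';
        }
    }

    // No provenance headers at all (scripted client, aggressive privacy proxy).
    return 'unknown';
}

// Hook only when running inside WordPress; the function above still loads
// stand-alone under the PHP CLI for testing.
if ( function_exists( 'add_action' ) ) {
    add_action( 'admin_init', function () {
        if ( ( $_SERVER['REQUEST_METHOD'] ?? 'GET' ) !== 'POST' ) {
            return; // only state-changing requests matter for CSRF
        }
        $script = basename( $_SERVER['SCRIPT_NAME'] ?? '' );
        if ( ! in_array( $script, [ 'admin-post.php', 'admin-ajax.php' ], true ) ) {
            return;
        }

        $headers   = function_exists( 'getallheaders' ) ? getallheaders() : [];
        $site_host = (string) parse_url( home_url(), PHP_URL_HOST );
        $verdict   = example_classify_origin( $headers, $site_host );
        if ( $verdict === 'same-site' ) {
            return;
        }

        // Log enough to correlate with the web-server access log; never log the body.
        error_log( sprintf(
            'csrf-guard: %s POST %s action=%s user=%d ip=%s',
            $verdict,
            $script,
            sanitize_key( $_REQUEST['action'] ?? '' ),
            get_current_user_id(),
            $_SERVER['REMOTE_ADDR'] ?? '-'
        ) );

        // 'unknown' is only logged; 'cross-site' is rejected outright.
        if ( $verdict === 'cross-site' ) {
            wp_die( 'Cross-site request rejected.', 403 );
        }
    } );
}
```

Dropping the file into `wp-content/mu-plugins/` activates it without a dashboard toggle, and a constructed call such as `example_classify_origin( [ 'Origin' => 'https://attacker.example' ], 'shop.example' )` from the PHP CLI exercises the classifier without a running site. The `unknown` verdict is deliberately log-only: blocking it would break legitimate non-browser clients, while the `csrf-guard:` lines give security teams a concrete signal to alert on when a burst of foreign-origin POSTs hits a plugin's endpoints.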