TypeSquare Webfonts
- <= 2.0.4
A vulnerability exists in the TypeSquare Webfonts for ConoHa WordPress plugin, affecting all versions up to and including 2.0.4. The issue stems from the plugin's failure to properly verify user authorization for certain actions. This flaw allows authenticated users with subscriber-level access or higher to alter site-wide font settings through the WordPress admin interface. Specifically, attackers can manipulate options related to font themes and post visibility. Additionally, for certain font theme values, the absence of nonce verification creates a cross-site request forgery risk.
Exploitation allows unauthorized modification of plugin settings, potentially changing site-wide font configurations and related options.
To reproduce this vulnerability, an authenticated user with subscriber-level access or higher can send a POST request to any wp-admin page. The request must include the 'fontThemeUseType' parameter with a value of 1 or 3; for these values the plugin skips nonce verification. The request can be sent manually or automated through a script.
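The two missing checks described above, shown in a hardened settings handler. This is an added sketch, not the plugin's own code or its official patch; the hook, function names, nonce action and field, and option key are all hypothetical.

```php
<?php
// Added example: hypothetical hardened handler, not the plugin's code.
// Function names, nonce action/field and option key are assumptions.

add_action( 'admin_init', 'example_ts_save_font_settings' );

function example_ts_save_font_settings() {
    // Only act on POSTs that carry this form's field.
    $method = isset( $_SERVER['REQUEST_METHOD'] ) ? $_SERVER['REQUEST_METHOD'] : '';
    if ( 'POST' !== $method || ! isset( $_POST['fontThemeUseType'] ) ) {
        return;
    }

    // 1. Authorization: subscribers can load wp-admin pages, so being
    //    logged in is not enough. Require an administrator capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change font settings.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: verify the nonce before reading fontThemeUseType, so no
    //    value of that parameter (including 1 or 3) can skip the check.
    //    check_admin_referer() terminates the request on failure.
    check_admin_referer( 'example_ts_save_fonts', 'example_ts_nonce' );

    // 3. Input handling: accept only a scalar and store it as an integer.
    if ( ! is_scalar( $_POST['fontThemeUseType'] ) ) {
        wp_die( 'Invalid font theme type.', '', array( 'response' => 400 ) );
    }
    $use_type = absint( wp_unslash( $_POST['fontThemeUseType'] ) );

    update_option( 'example_ts_font_theme_use_type', $use_type );
}

// The settings form must emit the matching nonce field.
function example_ts_render_nonce_field() {
    wp_nonce_field( 'example_ts_save_fonts', 'example_ts_nonce' );
}
```

Because both checks run before any branch on 'fontThemeUseType', a subscriber-level request is rejected at step 1 and a forged cross-site request at step 2, whatever value the parameter holds.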