DSGVO Google Web Fonts GDPR plugin <= 1.1 (WordPress, specific themes)
Summary
This vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, to publicly accessible directories on affected sites. The plugin lacks file type validation when downloading user-supplied font files from external URLs. The vulnerability only impacts sites using one of a handful of common supported themes.
Remediation
Update the DSGVO Google Web Fonts GDPR plugin to a version after 1.1 that adds proper file type validation. If no patch is available, uninstall the plugin immediately to remove the attack vector.
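The following is an added example, not code from the plugin or its patch, showing the kind of file type validation the summary says is missing: an extension allowlist combined with a check of the font format's leading bytes, going slightly beyond the advisory by also generating the stored filename locally. The function name, constant name and sample URLs are hypothetical.

```php
<?php
// Added example: allowlist check for a font file fetched from a remote URL.
// Names are hypothetical and not taken from the plugin.

// Allowed extensions and the 4-byte signatures each format starts with.
const FONT_SIGNATURES = [
    'woff2' => ["wOF2"],
    'woff'  => ["wOFF"],
    'ttf'   => ["\x00\x01\x00\x00", "true"],
    'otf'   => ["OTTO"],
];

/**
 * Return a safe local filename for the downloaded font, or null to reject it.
 * $url is the user-supplied source URL, $body the bytes that were downloaded.
 */
function safe_font_filename(string $url, string $body): ?string
{
    $path = parse_url($url, PHP_URL_PATH);
    if (!is_string($path) || $path === '') {
        return null;
    }
    // Only the final extension counts, so "font.woff2.php" is treated as php.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, FONT_SIGNATURES)) {
        return null;
    }
    // The content must start with a signature matching the claimed extension.
    if (!in_array(substr($body, 0, 4), FONT_SIGNATURES[$ext], true)) {
        return null;
    }
    // Never reuse the remote name: derive one locally from the content hash.
    return hash('sha256', $body) . '.' . $ext;
}

// Constructed sample inputs (URL, downloaded body).
$samples = [
    ['https://fonts.example/roboto.woff2', "wOF2" . str_repeat("\0", 44)],
    ['https://untrusted.example/file.php', "<?php /* constructed */"],
    ['https://untrusted.example/file.woff2', "<?php /* constructed */"],
    ['https://untrusted.example/font.woff2.php', "wOF2" . str_repeat("\0", 44)],
];
foreach ($samples as [$url, $body]) {
    echo $url, ' => ', safe_font_filename($url, $body) ?? 'REJECTED', PHP_EOL;
}
```

Only the first sample is accepted. The signature check alone does not prove a file is a valid font; it is the locally generated name with an allowlisted extension that keeps the stored file from being executed as PHP.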