MEDIUM
conoha
CVE published 2026-05-20
CVE-2026-8610
The TypeSquare Webfonts for ConoHa plugin for WordPress contains an authorization bypass vulnerability affecting all versions up to and including 2.0.4. The plugin fails to verify user authorization before allowing modifications to site-wide font settings. Authenticated attackers with subscriber-level access or higher can modify the plugin's configuration, including the typesquare_auth option (fontThemeUs [truncated]