The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the pluginCreditsJosé AguileraReferenceshttps://wpscan.com/vulnerability/92db763c-ca6b-43cf-87ff-c1678cf4ade5
