CVE-2026-3535: CWE-434 Unrestricted Upload of File with Dangerous Type in mlfactory DSGVO Google Web Fonts GDPR
The DSGVO Google Web Fonts GDPR WordPress plugin (versions up to 1.1) contains an arbitrary file upload vulnerability due to missing file type validation in a function exposed via an unauthenticated AJAX hook. This allows attackers to upload malicious files, including PHP webshells, potentially leading to remote code execution. Exploitation requires the site to be using one of several specific WordPress themes. No official patch or remediation guidance is currently available.
AI Analysis
Technical Summary
CVE-2026-3535 is a critical vulnerability in the mlfactory DSGVO Google Web Fonts GDPR WordPress plugin. The vulnerability arises from the `DSGVOGWPdownloadGoogleFonts()` function, which is accessible without authentication through a `wp_ajax_nopriv_` hook. This function downloads files from user-supplied URLs without validating file types, enabling attackers to upload arbitrary files, including executable PHP scripts, to a publicly accessible directory. Successful exploitation can result in remote code execution on affected sites that use specific themes such as twentyfifteen, twentyseventeen, twentysixteen, storefront, salient, or shapely. The CVSS 3.1 base score is 9.8, reflecting the high impact and ease of exploitation.
Potential Impact
An unauthenticated attacker can upload arbitrary files, including PHP webshells, to the server hosting the vulnerable plugin. This can lead to full remote code execution, compromising confidentiality, integrity, and availability of the affected WordPress site. The vulnerability affects sites using certain themes, increasing the attack surface for those configurations. No known exploits in the wild have been reported yet.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability. Users should monitor the vendor's advisory channels for updates. As a temporary mitigation, disabling or removing the DSGVO Google Web Fonts GDPR plugin until a fix is released is recommended. Additionally, restricting access to the affected AJAX endpoint or limiting the use of the vulnerable themes may reduce exposure. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
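As an added illustration of the fix a defender would want to see (this is not the plugin's own code; the AJAX action name, the `url` request parameter and the target directory are assumptions), here is a font-download handler written in the same WordPress pattern but without the CWE-434 defect: registered for authenticated users only, with no `wp_ajax_nopriv_` hook, the source host and file extension allow-listed, and the downloaded bytes checked before anything is written to disk.

```php
<?php
// Added example (not the plugin's own code): a hardened version of an AJAX
// handler that fetches Google Font files, closing the CWE-434 pattern above.
// The action name, the 'url' parameter and the target directory are assumptions.

// Registered for logged-in users only: no wp_ajax_nopriv_ hook at all.
add_action( 'wp_ajax_dsgvogwp_download_fonts', 'dsgvogwp_download_fonts_hardened' );

function dsgvogwp_download_fonts_hardened() {
    // 1. Capability check plus nonce (CSRF protection).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'dsgvogwp_download_fonts', 'nonce' );

    // 2. Source allow-list: HTTPS and Google's font hosts only.
    $url   = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';
    $parts = wp_parse_url( $url );
    $hosts = array( 'fonts.gstatic.com', 'fonts.googleapis.com' );
    if ( 'https' !== ( $parts['scheme'] ?? '' ) || ! in_array( $parts['host'] ?? '', $hosts, true ) ) {
        wp_send_json_error( 'invalid source', 400 );
    }

    // 3. Extension allow-list: font types only, so .php/.phtml/.html never land on disk.
    $name = sanitize_file_name( basename( $parts['path'] ?? '' ) );
    $ext  = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) );
    if ( '' === $name || ! in_array( $ext, array( 'woff', 'woff2', 'ttf' ), true ) ) {
        wp_send_json_error( 'invalid file type', 400 );
    }

    // 4. Fetch with wp_safe_remote_get(), which refuses redirects to local/internal hosts,
    //    and cap the response size.
    $resp = wp_safe_remote_get( $url, array( 'timeout' => 15, 'limit_response_size' => 2 * MB_IN_BYTES ) );
    if ( is_wp_error( $resp ) || 200 !== wp_remote_retrieve_response_code( $resp ) ) {
        wp_send_json_error( 'download failed', 502 );
    }
    $body = wp_remote_retrieve_body( $resp );

    // 5. Check the bytes, not just the name: WOFF, WOFF2 and TrueType magic numbers.
    if ( ! in_array( substr( $body, 0, 4 ), array( 'wOFF', 'wOF2', "\x00\x01\x00\x00", 'true' ), true ) ) {
        wp_send_json_error( 'content is not a font', 400 );
    }

    // 6. Write only into a fixed directory; basename() + sanitize_file_name() block traversal.
    $dir = trailingslashit( wp_upload_dir()['basedir'] ) . 'dsgvogwp-fonts/';
    wp_mkdir_p( $dir );
    file_put_contents( $dir . $name, $body );
    wp_send_json_success( array( 'file' => $name ) );
}
```

As defence in depth, the font directory should also carry a web-server rule (for example an `.htaccess` on Apache) that disables script execution there, so that even a bypassed check cannot yield code execution.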
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2026-03-04T18:14:55.423Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69d5fe4c1cc7ad14da37384d
Added to database: 4/8/2026, 7:05:48 AM
Last enriched: 4/15/2026, 12:40:13 PM
Last updated: 5/23/2026, 5:02:18 PM