cleantalk
Vulnerabilities and Security Researches

TypeSquare Webfonts for ConoHa, CVE-2026-8610

CVE, Research URL

CVE-2026-8610

Home page URL

Security reports for TypeSquare Webfonts for ConoHa

Application

TypeSquare Webfonts for ConoHa

Published on
May 20, 2026
Research Description
The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's site-wide font settings, including the typesquare_auth option (fontThemeUseType), show_post_form, and typesquare_fonttheme, by submitting a POST request to any wp-admin page. For fontThemeUseType values 1 and 3, no nonce verification is performed either, meaning those branches are additionally exploitable via cross-site request forgery.
Affected versions
max 2.0.4.
Status
vulnerable
Previous vulnerability researches
Ultimate Classified Listings (CVE-2024-52487) , Nov 23, 2024
Ultimate Classified Listings (CVE-2024-52448) , Nov 22, 2024
Ultimate Classified Listings (CVE-2024-13753) , Feb 22, 2025
Ultimate Classified Listings (CVE-2024-13748) , Feb 22, 2025
Ultimate Classified Listings (CVE-2024-5882) , Jul 17, 2024
New vulnerability
ProSolution WP Client (CVE-2026-6555) , May 23, 2026
BLOGCHAT Chat System (CVE-2026-8420) , May 23, 2026
TypeSquare Webfonts for ConoHa (CVE-2026-8610) , May 23, 2026
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-15369) , May 22, 2026
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2026-42676) , May 22, 2026