QwikSec

Security Database

CVE

CWE

Training

CVE-2021-25094

Published: Apr 25, 2022

Modified: Apr 21, 2025

PUBLISHED

Description

The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.

Vendor	Product	Versions
Unknown	Tatsu	affected `3.3.12 - < 3.3.12`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/fb0097a0-5d7b-4e5b-97de-aacafa8fffcd

x_refsource_MISC

https://darkpills.com/wordpress-tatsu-builder-preauth-rce-cve-2021-25094/

x_refsource_MISC

http://packetstormsecurity.com/files/167190/WordPress-Tatsu-Builder-Remote-Code-Execution.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.