image credit: Unsplash

Large-Scale Attack Targeting Tatsu Builder WordPress Plugin

May 18, 2022

Tracked as CVE-2021-25094 (CVSS score of 8.1), the vulnerability exists because one of the supported actions does not require authentication when uploading a zip file that is extracted under the WordPress upload directory.

While the plugin includes an extension control, this can be bypassed by adding a PHP shell with a filename that begins with a dot (“.”). Furthermore, a race condition in the extraction process allows for an attacker to call the shell file.

Read More on Security Week