Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-25094 PoC — Tatsu < 3.3.12 - Unauthenticated RCE

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-25094.yaml
Associated Vulnerability
Title:Tatsu < 3.3.12 - Unauthenticated RCE (CVE-2021-25094)
Description:The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.
Description
An unrestricted file upload in WordPress Tatsubuilder plugin version <= 3.3.11 enables an unauthenticated attacker to perform a remote code execution (RCE) on the server host due to multiple weaknesses in the font import feature and put 100,000 websites at risk.
File Snapshot

 id: CVE-2021-25094

info:
  name: Wordpress Tatsubuilder <= 3.3.11 - Remote Code Execution
  author:

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →