13 matches found
📄 WordPress Tatsu 3.3.11 Shell Upload
WordPress Tatsu plugin version 3.3.11 proof of concept unauthenticated remote shell upload exploit. ============================================================================================================================================= | Title : WordPress Tatsu 3.3.11 Plugin Unauthenticated...
📄 WordPress Tatsu 3.3.11 Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution in the Tatsu WordPress plugin in versions 3.3.11 and below. The module uploads a malicious zip with a PHP payload that gets executed in the second part of exploit. This module requires Metasploit:...
📄 Tatsu 3.3.11 Remote Code Execution
Tatsu versions 3.3.11 and below pre-authentication proof of concept remote code execution exploit. !/usr/bin/python3 coding: utf-8 Exploit Title:Tatsu = 3.3.11 pre-auth RCE exploit Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H:...
Tatsu 3.3.11 - Unauthenticated RCE
Exploit Title:Tatsu 3.3.11 - Unauthenticated RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Product: Tatsu wordpress plugin = 3.3.11 CVE:...
VulnCheck KEV: CVE-2021-25094
The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...
WordPress Tatsu Plugin Remote Code Execution (CVE-2021-25094)
A remote code execution vulnerability exists in WordPress Tatsu plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Tatsu Plugin < 3.3.12 RCE Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress Tatsu plugin file upload vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A file upload vulnerability...
CVE-2021-25094 Tatsu < 3.3.12 - Unauthenticated RCE
The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...
WordPress plugin Tatsu 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A file upload vulnerability...
Tatsu < 3.3.12 - Unauthenticated RCE
The plugin addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover,...
WordPress Tatsu plugin < 3.3.13 - Unauthenticated Remote Code Execution (RCE) vulnerability
Unauthenticated Remote Code Execution RCE vulnerability discovered by Vincent Michel in WordPress Tatsu plugin versions 3.3.13. Solution Update the WordPress Tatsu plugin to the latest available version at least 3.3.13...
PT-2021-7096 · WordPress · Tatsu Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Tatsu WordPress plugin versions prior to 3.3.12 Description: The issue is related to the add custom font action in the Tatsu WordPress plugin, which can be used without prior authentication to upload a rogue zip file. This file is uncompresse...