Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total1

Critical0

High1

Medium0

Search Severity Year Type Sort Order

Reset

Showing 1-1 of 1 records

Threat Entry Updated 2025-04-21

CVE-2021-25094 - Tatsu Plugin

The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.

PLUGIN Tatsu

CVE-2021-25094

HIGH CVSS 8.1 2022-04-25

Risk Score

Open Full Technical Breakdown

Scroll to top

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2021-25094 - Tatsu Plugin

Company Links

Contact Us