The Latest in IT Security

Large-Scale Attack Targeting Tatsu Builder WordPress Plugin

18
May
2022
Large-Scale Attack Targeting Tatsu Builder WordPress Plugin

image credit: unsplash

Tracked as CVE-2021-25094 (CVSS score of 8.1), the vulnerability exists because one of the supported actions does not require authentication when uploading a zip file that is extracted under the WordPress upload directory.

While the plugin includes an extension control, this can be bypassed by adding a PHP shell with a filename that begins with a dot (“.”). Furthermore, a race condition in the extraction process allows for an attacker to call the shell file.

Read More

Comments are closed.

Categories

TUESDAY, JULY 05, 2022
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments