CVE-2021-25094
WordPress vulnerability analysis and mitigation

Overview

The Tatsu WordPress plugin before version 3.3.12 contained a critical unauthenticated Remote Code Execution (RCE) vulnerability identified as CVE-2021-25094. The vulnerability was discovered in the plugin's addcustomfont action functionality, which could be exploited without prior authentication. This security flaw affected approximately 100,000 websites using the Tatsu Builder plugin (Bleeping Computer, DarkPills).

Technical details

The vulnerability stems from multiple security weaknesses in the font import feature exposed by the addcustomfont action. An attacker could upload a malicious zip file containing a PHP shell whose filename starts with a dot ('.') to bypass the plugin's file extension check. Additionally, a race condition in the zip extraction process allowed the extracted shell file to remain accessible on the filesystem long enough to be requested and executed. The vulnerability received a CVSS v3.1 score of 8.1 (High) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

Impact

The vulnerability allowed remote attackers to execute arbitrary code on servers running outdated versions of the plugin. This could lead to complete server compromise, as the uploaded PHP shell would execute with the web server's privileges. The impact was particularly severe due to the unauthenticated nature of the exploit and the large number of potentially affected websites (Bleeping Computer).

Mitigation and workarounds

The vulnerability was patched in version 3.3.12 of the Tatsu plugin, released in March 2022. Website administrators were strongly advised to upgrade to this version immediately. The fix primarily involved removing unauthenticated access to the addcustomfont function and implementing additional security checks for file uploads (DarkPills).
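The following is an added example, not code from the Tatsu plugin or its fix, showing how a WordPress font-upload handler can close the two weaknesses described in the technical details above and apply the kind of checks the mitigation section describes: the action is registered only for authenticated users and gated by a capability and nonce check, and every zip entry name is validated before anything is written to disk, so a dotfile or non-font entry is never extracted and there is no window in which a stray file sits under the web root. The hook name (`wp_ajax_example_addcustomfont`), function names, nonce action, upload field name and destination directory are all hypothetical; the WordPress and ZipArchive calls are real APIs.

```php
<?php
// Added example (not Tatsu's code): a hardened font-upload AJAX handler.
// All "example_" names, the nonce action and the form field are hypothetical.

// Registered only for logged-in users. Deliberately no wp_ajax_nopriv_ hook,
// so unauthenticated requests never reach the handler at all.
add_action('wp_ajax_example_addcustomfont', 'example_handle_add_custom_font');

/**
 * Validate every entry in the archive before extraction.
 * Returns an array of [zip index => safe basename] or a WP_Error.
 * The whole archive is rejected (fail closed) if any entry is unsafe.
 */
function example_safe_font_entries(ZipArchive $zip) {
    $allowed = ['ttf', 'otf', 'woff', 'woff2'];
    $safe = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false || strpos($name, "\0") !== false) {
            return new WP_Error('bad_zip', 'Unreadable or malformed zip entry name.');
        }
        $name = str_replace('\\', '/', $name);
        if (substr($name, -1) === '/') {
            continue; // directory entries are never created on disk
        }
        // Every path component must be a plain name: this rejects absolute
        // paths (empty first part), traversal ("..") and hidden files such as
        // ".shell.php", the naming trick used against the vulnerable plugin.
        foreach (explode('/', $name) as $part) {
            if ($part === '' || $part[0] === '.') {
                return new WP_Error('bad_zip', "Rejected entry name: $name");
            }
        }
        $base = basename($name);
        $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
        if (!in_array($ext, $allowed, true)) {
            return new WP_Error('bad_zip', "Disallowed file type in archive: $base");
        }
        $safe[$i] = $base;
    }
    if ($safe === []) {
        return new WP_Error('bad_zip', 'Archive contains no font files.');
    }
    return $safe;
}

function example_handle_add_custom_font() {
    // Authorization first: an administrator-level capability plus a nonce
    // bound to this specific action.
    if (!current_user_can('manage_options')) {
        wp_send_json_error('Insufficient privileges.', 403);
    }
    check_ajax_referer('example_addcustomfont', 'nonce');

    if (empty($_FILES['font_zip']['tmp_name'])
        || !is_uploaded_file($_FILES['font_zip']['tmp_name'])) {
        wp_send_json_error('No uploaded archive.', 400);
    }

    $zip = new ZipArchive();
    if ($zip->open($_FILES['font_zip']['tmp_name']) !== true) {
        wp_send_json_error('Not a valid zip archive.', 400);
    }

    $entries = example_safe_font_entries($zip);
    if (is_wp_error($entries)) {
        $zip->close();
        wp_send_json_error($entries->get_error_message(), 400);
    }

    // Write only the validated entries, by content rather than extractTo(),
    // so the archive's own paths never influence where data lands.
    $upload = wp_upload_dir();
    $dest   = trailingslashit($upload['basedir']) . 'example-fonts';
    wp_mkdir_p($dest);

    $written = [];
    foreach ($entries as $index => $basename) {
        $data = $zip->getFromIndex($index);
        if ($data === false) {
            continue;
        }
        $target = $dest . '/' . wp_unique_filename($dest, $basename);
        if (file_put_contents($target, $data) !== false) {
            $written[] = basename($target);
        }
    }
    $zip->close();

    wp_send_json_success(['fonts' => $written]);
}
```

Two design choices are worth noting. Rejecting the entire archive on the first bad entry, rather than skipping it, means a mixed archive of fonts plus a webshell produces an error an administrator will see. Writing each entry from its bytes with a generated name, instead of calling `ZipArchive::extractTo()` and cleaning up afterwards, is what removes the race condition: a file the validator did not approve simply never exists on disk. An extension allowlist does not inspect content, so a further step for a high-assurance deployment is to check the font's magic bytes before accepting it.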

Community reactions

The security community responded quickly to the threat, with security firms like Wordfence actively monitoring and blocking exploitation attempts. It was estimated that between 20,000 and 50,000 websites were still running vulnerable versions of the plugin even after the patch was released (Bleeping Computer).

Source: This report was generated using AI.