Source: National Vulnerability Database

The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25094

75 hits since 2022-04-25

PHP Vulns Source Ratio: 17% (6320 total, 535 propagated, 3160 filtered)