Source: National Vulnerability Database

The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot

75 hits since 2022-04-25

PHP Vulns Source Ratio: 17% (6320 total, 535 propagated, 3160 filtered)