CVE-2021-25094

This exploit leverages an unauthenticated file upload vulnerability in the Tatsu WordPress plugin (CVE-2021-25094) to achieve remote code execution. It uploads a malicious ZIP archive containing a PHP shell via the 'add_custom_font' AJAX action, then triggers the shell to execute arbitrary commands.

This repository contains a functional exploit for CVE-2021-25094, an unauthenticated RCE vulnerability in the Tatsu Builder WordPress plugin. The exploit leverages a race condition during file upload and extraction to achieve remote code execution.

This repository contains a functional exploit for CVE-2021-25094, a vulnerability in the TypeHub WordPress plugin that allows arbitrary file upload leading to remote code execution (RCE). The exploit uploads a malicious ZIP file containing a PHP shell to the target WordPress site via the plugin's admin-ajax.php endpoint.

This repository contains a functional exploit for CVE-2021-25094, a pre-authentication RCE vulnerability in the WordPress Tatsu Builder plugin. The exploit uploads a malicious ZIP file via the 'add_custom_font' action, leading to arbitrary file upload and remote code execution.

This repository contains a functional PHP exploit for CVE-2021-25094, which targets an unrestricted file upload vulnerability in the Tatsu Plugin for WordPress. The exploit automates the process of uploading a malicious ZIP file via the `add_custom_font` AJAX action, potentially leading to remote code execution.

This Metasploit module exploits CVE-2021-25094, an unauthenticated RCE in the Tatsu WordPress plugin <= 3.3.11. It uploads a malicious ZIP containing a PHP payload via a file upload vulnerability and triggers execution by accessing the uploaded file.