Vulnerabilities > Brandexponents

DATE CVE VULNERABILITY TITLE RISK
2022-04-25 CVE-2021-25094 Unspecified vulnerability in Brandexponents Tatsu
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory.
network
high complexity
brandexponents
8.1