CVE-2021-25003

CVE-2021-25003: WPCargo < 6.9.0 - Unauthenticated RCE

Vendor Unknown
Product WPCargo Track & Trace
Weakness CWE-94 · Code injection
Published March 14, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE

Key dates

02Disclosure timeline

March 14, 2022 CVE published
August 3, 2024 Record updated