What is CVE-2021-25003?

CVE-2021-25003 is a vulnerability in Wpcargo Track & Trace, classified under Code Injection. Published 2022-03-14.

Is CVE-2021-25003 known to be exploited?

14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Wpcargo Track & Trace

CVE-2021-25003

The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.916 (99.7th percentile) — read the EPSS interpretation.

Affected products

Unknown Wpcargo Track & Trace — versions 6.9.0

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

biulove0x/CVE-2021-25003
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
NaInSec/CVE-PoC-in-GitHub
SYRTI/POC_
WhooAmii/POC_
k0mi-tg/CVE-POC
manas3c/CVE-POC
nomi-sec/PoC-in-GitHub

References

wpscan.com/vulnerability/5c21ad35-b2fb-4a51-858f-8ffff685de4a (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-25003?: CVE-2021-25003 is a vulnerability in Wpcargo Track & Trace, classified under Code Injection. Published 2022-03-14.
Is CVE-2021-25003 known to be exploited?: 14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.