CVE-2018-25436
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk47th percentile — higher than 47% of all known CVEs
Summary
The WordPress Plugin Baggage Freight Shipping Australia version 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions, enabling remote code execution.
Risk Assessment
This vulnerability poses a serious risk to organizations as it allows attackers to upload malicious code to the server, potentially leading to system compromise.
Recommendation
It is recommended to immediately update the plugin to the latest version or remove it to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the upload handler, which moves files without validation to the plugin upload directory, enabling remote code execution.

