CRITICAL
Shipster
CVE published 2026-06-15
CVE-2018-25436
CVE-2018-25436 is a critical vulnerability in the WordPress Plugin Baggage Freight Shipping Australia 0.1.0. The vulnerability allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the upload handler, which moves files without validation to the plugin upload directory, enabling remote c [truncated]