GHSA-2v73-958c-qpgjCriticalCVSS 9.8

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload...

Published
June 15, 2026
Last Modified
June 15, 2026

🔗 CVE IDs covered (1)

📋 Description

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the upload handler, which moves files without validation to the plugin upload directory, enabling remote code execution.

🔗 References (6)