CVE-2018-25436

CRITICAL 9.8

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 Arbitrary File Upload

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the upload handler, which moves files without validation to the plugin upload directory, enabling remote code execution.

CWE	CWE-434
Vendor	shipster
Product	baggage freight shipping australia
Published	Jun 15, 2026

Stay Ahead of the Next One

Get instant alerts for shipster baggage freight shipping australia

Be the first to know when new critical vulnerabilities affecting shipster baggage freight shipping australia are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Shipster / Baggage Freight Shipping Australia

0.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/46061 kaimi.io: https://kaimi.io wordpress.org: https://wordpress.org/plugins/baggage-freight/ vulncheck.com: https://www.vulncheck.com/advisories/wordpress-plugin-baggage-freight-shipping-australia-arbitrary-file-upload

Credits

Kaimi