CVE-2012-10019

Опубликовано: 19 июл. 2025

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Ссылки

https://packetstormsecurity.com/files/132303/
Exploit
Third Party Advisory
VDB Entry
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=600233%40front-end-editor&old=569105%40front-end-editor&sfp_email=&sfph_mail=
Product
https://web.archive.org/web/20120712205339/https%3A//www.opensyscom.fr/Actualites/wordpress-plugins-front-end-editor-arbitrary-file-upload-vulnerability.html
Exploit
Third Party Advisory
https://www.cybersecurity-help.cz/vdb/SB2012070701
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/f271c2e7-9d58-4dea-95d3-3ffc4ec7c3b2?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:scribu:front-end_editor:*:*:*:*:*:wordpress:*:*

Версия до 2.3 (исключая)

EPSS

Процентиль: 98%

0.64631

Средний

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-587g-h9jh-grjq