Vulnerability Description
The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Scribu | Front-End Editor | < 2.3 |
Related Weaknesses (CWE)
References
- https://packetstormsecurity.com/files/132303/ExploitThird Party AdvisoryVDB Entry
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&newProduct
- https://web.archive.org/web/20120712205339/https%3A//www.opensyscom.fr/ActualiteExploitThird Party Advisory
- https://www.cybersecurity-help.cz/vdb/SB2012070701Third Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f271c2e7-9d58-4dea-95dThird Party Advisory
FAQ
What is CVE-2012-10019?
CVE-2012-10019 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3. This makes it possible for unauthe...
How severe is CVE-2012-10019?
CVE-2012-10019 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2012-10019?
Check the references section above for vendor advisories and patch information. Affected products include: Scribu Front-End Editor.