Unauthenticated File Upload Vulnerability in WP-Property Plugin for WordPress
CVE-2012-10027
Key Information:
- Vendor
WordPress
- Status
- Vendor
- CVE Published:
- 5 August 2025
Badges
What is CVE-2012-10027?
The WP-Property plugin for WordPress, prior to version 1.35.0, is vulnerable to an unauthenticated file upload issue due to a flaw in the uploadify.php
script. This vulnerability allows an attacker to upload arbitrary PHP files to a temporary directory without requiring authentication, potentially leading to remote code execution. Malicious actors could exploit this weakness to execute harmful scripts on affected WordPress sites, compromising security and integrity.
Affected Version(s)
WordPress Plugin * <= 1.35.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved