Unrestricted File Upload in Kish Guest Posting for WordPress
CVE-2012-5318

Currently unrated

Key Information:

Vendor: Wordpress
Status: Kish Guest Posting Plugin
Vendor: CVE Published:; 8 October 2012

What is CVE-2012-5318?

The Kish Guest Posting plugin for WordPress contains an unrestricted file upload vulnerability in the uploadify/scripts/uploadify.php file. This flaw allows attackers to upload malicious files with double extensions, enabling arbitrary code execution. The issue arises from an incomplete fix related to a previous vulnerability, exposing users to potential security breaches if exploited. Affected users should promptly update their plugin to mitigate this risk.

References

http://secunia.com/advisories/47688

third-party-advisoryx_refsource_SECUNIA

http://www.openwall.com/lists/oss-security/2012/03/08/1

mailing-listx_refsource_MLIST

EPSS Score

8% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 8, 2012

Wordpress

What is CVE-2012-5318?

References

EPSS Score

Timeline