CVE-2012-10027
Published 2025-08-05
Priority P271, critical, 9.3 (CVSS 4.0)
CVSS vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.62% (73.1th percentile)
WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wp-property | wordpress_plugin | <= 1.35.0 | — |
Detection & IOCs
- Monitor for unauthenticated POST requests targeting the `uploadify.php` script within the WP-Property plugin directory, particularly those uploading PHP files.
- Alert on PHP files appearing in the WP-Property temporary upload directory without a corresponding authenticated session, as this indicates exploitation of the unauthenticated file upload vulnerability.
- The vulnerability is limited to WP-Property versions up to and including 1.35.0; sites running later versions are not affected.
- The vulnerable endpoint is the third-party `uploadify.php` script bundled with the plugin, not WordPress core itself.
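One way to implement the first monitoring item over web server access logs, as an added example that is not part of the original advisory or of any vendor rule set. It assumes Combined Log Format; the sample lines are constructed and `EXAMPLE-DIR` is a placeholder for the plugin subdirectory, which the page does not give. Access logs record neither the uploaded filename nor session state, so every POST to the endpoint is flagged for triage.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# uploadify.php anywhere below a wp-property directory; trailing /path-info still counts.
ENDPOINT_RE = re.compile(r'/wp-property/(?:.*/)?uploadify\.php(?:/|$)')

def normalized_path(target):
    """Drop the query string, decode percent-escapes, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def find_upload_posts(lines):
    """Return (ip, time, status, target) for every POST to the uploadify endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if ENDPOINT_RE.search(normalized_path(m["target"])):
            hits.append((m["ip"], m["time"], int(m["status"]), m["target"]))
    return hits

def served(hits):
    """Hits answered with 2xx: the request reached the script, so check the upload dir."""
    return [h for h in hits if 200 <= h[2] < 300]

# Constructed sample lines; EXAMPLE-DIR is a placeholder, not the plugin's real layout.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Aug/2025:10:00:01 +0000] "POST /wp-content/plugins/wp-property/EXAMPLE-DIR/uploadify.php HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.7 - - [05/Aug/2025:10:00:02 +0000] "POST /wp-content/plugins/WP-Property/EXAMPLE-DIR/uploadify%2Ephp?x=1 HTTP/1.1" 200 31 "-" "-"',
    '198.51.100.4 - - [05/Aug/2025:10:00:03 +0000] "GET /wp-content/plugins/wp-property/EXAMPLE-DIR/uploadify.php HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.9 - - [05/Aug/2025:10:00:04 +0000] "POST /wp-content/plugins/other-plugin/uploadify.php HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.9 - - [05/Aug/2025:10:00:05 +0000] "POST //wp-content/plugins/wp-property//EXAMPLE-DIR/uploadify.php HTTP/1.1" 403 0 "-" "-"',
]

if __name__ == "__main__":
    hits = find_upload_posts(SAMPLE_LOG)
    for ip, when, status, target in hits:
        print(f"{when} {ip} status={status} {target}")
    print(f"{len(served(hits))} of {len(hits)} POSTs were served (2xx)")
```

A 2xx hit is the cue to apply the second item and inspect the plugin's temporary upload directory for PHP files.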
- http://web.archive.org/web/20150103065650/http://www.opensyscom.fr:80/Actualites/wordpress-plugins-wp-property-shell-upload-vulnerability.html
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_property_upload_exec.rb
- https://wordpress.org/plugins/wp-property/
- https://www.exploit-db.com/exploits/18987
- https://www.exploit-db.com/exploits/23651
- https://www.vulncheck.com/advisories/wordpress-plugin-wp-property-php-file-upload