9.8
CVE-2012-10019
- EPSS 64.63%
- Veröffentlicht 19.07.2025 09:23:52
- Zuletzt bearbeitet 19.12.2025 18:53:35
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginFront-end Editor < 2.3 - Arbitrary File Upload
The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Mögliche Gegenmaßnahme
Front-end Editor: Update to version 2.3, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Front-end Editor
Version
[*, 2.3)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Scribu ≫ Front-end Editor SwPlatformwordpress Version < 2.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 64.63% | 0.984 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.