CVE-2012-10027

Critical CVSS 9.3

Overview

WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.

CWE: CWE-434 Published: 2025-08-05T20:15:33.560

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.3 (CRITICAL)
Detected tags: rce, unauth_access, wordpress (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags