Description

The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.

INFO

Published Date :

2025-08-05T20:06:23.563Z

Last Modified :

2025-08-07T15:02:41.324Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2012-10026 vulnerability.

Vendors Products
Asset-manager
  • Asset-manager Wordpress Plugin
Wordpress
  • Wordpress
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2012-10026.

URL Resource
http://web.archive.org/web/20150106144832/http://www.opensyscom.fr:80/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.html cve-icon cve-icon cve-icon
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb cve-icon cve-icon cve-icon
https://wordpress.org/plugins/asset-manager/ cve-icon cve-icon
https://www.exploit-db.com/exploits/18993 cve-icon cve-icon cve-icon
https://www.exploit-db.com/exploits/23652 cve-icon cve-icon cve-icon
https://www.vulncheck.com/advisories/wordpress-plugin-asset-manager-php-file-upload cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability