CVE-2012-10027

WordPress Plugin WP-Property <= 1.35.0 PHP File Upload

Description

WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.

INFO

Published Date :

2025-08-05T20:06:43.138Z

Last Modified :

2025-08-06T13:55:20.302Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2012-10027 vulnerability.

Vendors	Products
Wordpress	Wordpress
Wp-property	Wp-property Wordpress Plugin

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2012-10027.

URL	Resource
http://web.archive.org/web/20150103065650/http://www.opensyscom.fr:80/Actualites/wordpress-plugins-wp-property-shell-upload-vulnerability.html
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_property_upload_exec.rb
https://wordpress.org/plugins/wp-property/
https://www.exploit-db.com/exploits/18987
https://www.exploit-db.com/exploits/23651
https://www.vulncheck.com/advisories/wordpress-plugin-wp-property-php-file-upload

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability