CVE-2012-10064

Omni Secure Files < 0.1.14 Unauthenticated Arbitrary File Upload

Description

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, enabling an attacker to place attacker-controlled files under the plugin's uploads directory. This can lead to remote code execution if a server-executable file type is uploaded and subsequently accessed.

INFO

Published Date :

2026-01-16T20:10:13.429Z

Last Modified :

2026-01-16T21:08:58.048Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2012-10064 vulnerability.

Vendors	Products
Wordpress	Wordpress

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2012-10064.

URL	Resource
https://packetstorm.news/files/id/113411
https://web.archive.org/web/20121025112632/http%3A//secunia.com/advisories/49441
https://web.archive.org/web/20191021091221/https%3A//www.securityfocus.com/bid/53872/
https://wordpress.org/plugins/omni-secure-files/
https://wpscan.com/vulnerability/376fd666-6471-479c-9b74-1d8088a33e89/
https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-omni-secure-files-upload-php-arbitrary-file-upload-0-1-13/
https://www.exploit-db.com/exploits/19009
https://www.vulncheck.com/advisories/omni-secure-files-unauthenticated-arbitrary-file-upload
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/omni-secure-files/omni-secure-files-0113-arbitrary-file-upload

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability