ByteOS Network

NVD Vulnerability Details :

CVE-2012-10026

Awaiting Analysis

Source-disclosure@vulncheck.com

Published At-05 Aug, 2025 | 20:15

Updated At-07 Aug, 2025 | 15:15

The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	10.0	CRITICAL	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 10.0

Base severity: CRITICAL

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-434	Secondary	disclosure@vulncheck.com

CWE ID: CWE-434

Type: Secondary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
http://web.archive.org/web/20150106144832/http://www.opensyscom.fr:80/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.html	disclosure@vulncheck.com	N/A
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb	disclosure@vulncheck.com	N/A
https://wordpress.org/plugins/asset-manager/	disclosure@vulncheck.com	N/A
https://www.exploit-db.com/exploits/18993	disclosure@vulncheck.com	N/A
https://www.exploit-db.com/exploits/23652	disclosure@vulncheck.com	N/A
https://www.vulncheck.com/advisories/wordpress-plugin-asset-manager-php-file-upload	disclosure@vulncheck.com	N/A
http://web.archive.org/web/20150106144832/http://www.opensyscom.fr:80/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.html	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A
https://www.exploit-db.com/exploits/18993	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A
https://www.exploit-db.com/exploits/23652	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A