CVE-2012-10064

216.73.217.22

· Published 16/01/2026 20:15 · Modified 16/01/2026 22:16

Labels: CVE-2012-10064 2026-01-16 CVE-2012-10064 CWE-434 [email protected]

Essential information

Published: 16/01/2026 20:15
Modified: 16/01/2026 22:16
Author: —
Creator: —
CVSS: 9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, enabling an attacker to place attacker-controlled files under the plugin's uploads directory. This can lead to remote code execution if a server-executable file type is uploaded and subsequently accessed.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
omni-secure-files / omni secure files	`cpe:2.3:a:omni-secure-files:omni_secure_files:<0.1.14:::::::*`