CVE-2012-10064

2026-01-16 [email protected]

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Jan 26, 2026 - 15:05 vuln.today
Public exploit code
CVE Published
Jan 16, 2026 - 20:15 nvd
N/A

Tags

WordPress PHP RCE

Description

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, enabling an attacker to place attacker-controlled files under the plugin's uploads directory. This can lead to remote code execution if a server-executable file type is uploaded and subsequently accessed.

Analysis

Omni Secure File versions up to 0.1.14 is affected by unrestricted upload of file with dangerous type.

Technical Context

This vulnerability (CWE-434: Unrestricted Upload of File with Dangerous Type) exists in the bundled plupload example component. Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, enabling an attacker to place attacker-controlled files under the plugin's uploads directory. This can lead to remote code execution if a server-executable file type is uploaded and subsequently accessed.

Affected Products

Product: Omni Secure File. Versions: up to 0.1.14. Component: bundled plupload example.

Remediation

Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root.

Priority Score

21
Low Medium High Critical
KEV: 0
EPSS: +0.5
CVSS: +0
POC: +20

Share

CVE-2012-10064 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy