CVE-2012-10064

16.01.2026, 20:15

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, enabling an attacker to place attacker-controlled files under the plugin's uploads directory. This can lead to remote code execution if a server-executable file type is uploaded and subsequently accessed.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
VulnCheck	CNA	---	---
CISA-ADP	ADP	---	---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-434 - Unrestricted Upload of File with Dangerous Type
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

References

https://packetstorm.news/files/id/113411

https://web.archive.org/web/20121025112632/http%3A//secunia.com/advisories/49441

https://web.archive.org/web/20191021091221/https%3A//www.securityfocus.com/bid/53872/

https://wordpress.org/plugins/omni-secure-files/

https://wpscan.com/vulnerability/376fd666-6471-479c-9b74-1d8088a33e89/

https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-omni-secure-files-upload-php-arbitrary-file-upload-0-1-13/

https://www.exploit-db.com/exploits/19009

https://www.vulncheck.com/advisories/omni-secure-files-unauthenticated-arbitrary-file-upload

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/omni-secure-files/omni-secure-files-0113-arbitrary-file-upload

https://wpscan.com/vulnerability/376fd666-6471-479c-9b74-1d8088a33e89/