Platform: wordpress
Component: omni-secure-files
Fixed in: 0.1.14
CVE-2012-10064 describes a critical Arbitrary File Access vulnerability affecting the Omni Secure Files plugin for WordPress. This flaw allows unauthenticated attackers to upload arbitrary files to the server, potentially enabling remote code execution. The vulnerability impacts versions of the plugin up to and including 0.1.13. A fix is available in version 0.1.14.
The primary impact of CVE-2012-10064 is the ability for an attacker to upload arbitrary files to a WordPress server. This can be exploited to upload web shells, allowing the attacker to execute arbitrary code on the server with the privileges of the web server user. Successful exploitation could lead to complete compromise of the web server, including data exfiltration, defacement, and further attacks against other systems on the network. The lack of file type validation makes this vulnerability particularly dangerous, as attackers can bypass common security measures.
CVE-2012-10064 was published in 2012 and has been known for a significant period. While no active campaigns specifically targeting this vulnerability have been publicly reported, the ease of exploitation and the potential impact make it a persistent risk, especially for older, unpatched WordPress installations. The vulnerability is not listed on KEV or EPSS. Public Proof-of-Concept (PoC) code is readily available, increasing the likelihood of exploitation.
Exploit status
EPSS: 0.51% (66th percentile)
CVSS vector
The primary mitigation for CVE-2012-10064 is to immediately upgrade the Omni Secure Files plugin to version 0.1.14 or later. If upgrading is not immediately possible due to compatibility issues or breaking changes, consider temporarily disabling the plugin. While not a complete solution, a Web Application Firewall (WAF) configured to block file uploads with suspicious extensions (e.g., .php, .exe, .asp) can provide a temporary layer of protection. Regularly scan the WordPress installation for unauthorized files.
Upgrade to version 0.1.14, or a later fixed version
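The version check and file scan recommended above can be scripted. The following is an added example, not code from the plugin or from this advisory. It assumes the standard WordPress layout (`wp-content/plugins/<slug>` and `wp-content/uploads`), the usual `Version:` plugin header, and that unauthorized files would land under the uploads directory; the page does not state the upload location, so the scan directory is a parameter. The sample tree and the file name `plugin-main.php` are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (0, 1, 14)           # fixed release named in the advisory
SLUG = "omni-secure-files"   # component name from the advisory
# .php/.exe/.asp are the advisory's examples; the others are additions made here.
SUSPICIOUS = {".php", ".exe", ".asp", ".phtml", ".phar", ".aspx"}
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)

def plugin_version(wp_root):
    """Return the plugin's version tuple from its header comment, or None."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    for php in sorted(plugin_dir.glob("*.php")):
        m = VERSION_RE.search(php.read_text(errors="replace")[:8192])
        if m:
            return tuple(int(part) for part in m.group(1).split("."))
    return None

def is_vulnerable(version):
    """True for releases below 0.1.14 (tuple compare, so 0.1.9 < 0.1.14)."""
    return version is not None and version < FIXED

def suspicious_files(scan_dir):
    """Files whose name carries a listed extension in any position or case."""
    return sorted(p for p in Path(scan_dir).rglob("*")
                  if p.is_file() and SUSPICIOUS & {s.lower() for s in p.suffixes})

def build_sample_site(root):
    """Constructed sample tree (not real data) so the example runs offline."""
    plugin = Path(root) / "wp-content" / "plugins" / SLUG
    uploads = Path(root) / "wp-content" / "uploads" / "2012"
    plugin.mkdir(parents=True)
    uploads.mkdir(parents=True)
    (plugin / "plugin-main.php").write_text(
        "<?php\n/*\nPlugin Name: Omni Secure Files\nVersion: 0.1.13\n*/\n")
    for name in ("photo.jpg", "report.pdf", "x.PHP", "img.php.jpg"):
        (uploads / name).write_text("constructed sample")
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site = build_sample_site(tmp)
        v = plugin_version(site)
        print("version:", v, "vulnerable:", is_vulnerable(v))
        for f in suspicious_files(site / "wp-content" / "uploads"):
            print("review:", f.relative_to(site))
```

A hit is a file to review, not proof of compromise; on a real site, pass the actual WordPress root and the directory the plugin stores uploads in.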
CVE-2012-10064 is a critical vulnerability in the Omni Secure Files WordPress plugin allowing attackers to upload arbitrary files due to missing file type validation. This can lead to remote code execution and complete server compromise.
You are affected if you are using version 0.1.13 or earlier of the Omni Secure Files plugin for WordPress. Check your plugin version immediately and upgrade if necessary.
Upgrade the Omni Secure Files plugin to version 0.1.14 or later. If upgrading is not possible, temporarily disable the plugin and consider using a WAF to block suspicious file uploads.
While no specific active campaigns are publicly known, the vulnerability's ease of exploitation and potential impact make it a persistent risk, especially for unpatched systems.
The official advisory is typically found on the WordPress plugin repository page for Omni Secure Files, or on the developer's website (if available). Search for 'Omni Secure Files CVE-2012-10064' to locate relevant information.