CVE-2012-10026
WordPress Plugin Asset-Manager <= 2.0 PHP File Upload
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web serverβs context.
| CWE | CWE-434 |
| Vendor | asset-manager |
| Product | wordpress plugin |
| Published | Aug 5, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for asset-manager wordpress plugin
Be the first to know when new unknown vulnerabilities affecting asset-manager wordpress plugin are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
Affected Versions
Asset-Manager / Wordpress Plugin
* β€ 2.0
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb exploit-db.com: https://www.exploit-db.com/exploits/18993 exploit-db.com: https://www.exploit-db.com/exploits/23652 web.archive.org: http://web.archive.org/web/20150106144832/http://www.opensyscom.fr:80/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.html wordpress.org: https://wordpress.org/plugins/asset-manager/ vulncheck.com: https://www.vulncheck.com/advisories/wordpress-plugin-asset-manager-php-file-upload
Credits
Sammy FORGIT