CVE-2012-10027
WordPress Plugin WP-Property <= 1.35.0 PHP File Upload
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.
| CWE | CWE-434 |
| Vendor | wp-property |
| Product | wordpress plugin |
| Published | Aug 5, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for wp-property wordpress plugin
Be the first to know when new unknown vulnerabilities affecting wp-property wordpress plugin are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
WP-Property / WordPress Plugin
* โค 1.35.0
References
wordpress.org: https://wordpress.org/plugins/wp-property/ raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_property_upload_exec.rb exploit-db.com: https://www.exploit-db.com/exploits/18987 exploit-db.com: https://www.exploit-db.com/exploits/23651 web.archive.org: http://web.archive.org/web/20150103065650/http://www.opensyscom.fr:80/Actualites/wordpress-plugins-wp-property-shell-upload-vulnerability.html vulncheck.com: https://www.vulncheck.com/advisories/wordpress-plugin-wp-property-php-file-upload
Credits
Sammy FORGIT