CVE-2012-4874

WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 2.0 - Arbitrary File Upload

highUnrestricted Upload of File with Dangerous Type

7.2

CVSS Score

7.2

CVSS Score

high

Severity

2.0

Patched in

4312d

Time to patch

Description

The WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_handleimagesupload function in versions up to, and including, 1.8.9.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

High

Confidentiality

High

Integrity

High

Availability

Technical Details

Affected versions<2.0

PublishedApril 3, 2012

Last updatedJanuary 22, 2024

Affected pluginanother-wordpress-classifieds-plugin

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/e7613875-b44e-4b91-9a5b-41ea0854cd61?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database