What is CVE-2012-10027?

CVE-2012-10027 is a vulnerability in Wp-property Wordpress Plugin, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-05.

Is CVE-2012-10027 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Wp-property Wordpress Plugin

CVE-2012-10027

WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory…

Vulnerability class: Unrestricted File Upload

EPSS: 0.824 (99.2th percentile) — read the EPSS interpretation.

Affected products

Wp-property Wordpress Plugin — versions 0

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

rapid7/metasploit-framework

References

disclosure@vulncheck.com (product)
disclosure@vulncheck.com (exploit)
disclosure@vulncheck.com (exploit)
disclosure@vulncheck.com (exploit)
disclosure@vulncheck.com (technical-description, exploit)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2012-10027?: CVE-2012-10027 is a vulnerability in Wp-property Wordpress Plugin, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-05.
Is CVE-2012-10027 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.