What is CVE-2020-12800?

CVE-2020-12800 is a vulnerability in N/a. Published 2020-06-08.

Is CVE-2020-12800 known to be exploited?

17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-12800

The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.

EPSS: 0.939 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

amartinsec/CVE-2020-12800
rapid7/metasploit-framework
0xT11/CVE-POC
0xZEros66/Wordpress-Exploit-AiO-Package
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Retr0-ll/2023-littleTerm
Retr0-ll/littleterm
Shamsuzzaman321/Wordpress-Exploit-AiO-Package

References

packetstormsecurity.com/files/157951/WordPress-Drag-And-Drop-Multi-File-Uploade… (x_refsource_MISC)
wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-12800?: CVE-2020-12800 is a vulnerability in N/a. Published 2020-06-08.
Is CVE-2020-12800 known to be exploited?: 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.