CVE-2012-1205

high

Published 2012-02-24 · Modified 2026-04-29

CVSS v3

—

CVSS v2

7.5

VIR risk

7.5

Description

PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://wordpress.org/extend/plugins/relocate-upload/changelog/

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/47976

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://plugins.trac.wordpress.org/changeset/504380/relocate-upload

Application impact

Vendor	Product	Versions
alanft	relocate-upload	`{"endIncluding":"0.14"}`
alanft	relocate-upload	`0.10`
alanft	relocate-upload	`0.11`
wordpress	wordpress

References

http://osvdb.org/79250
http://plugins.trac.wordpress.org/changeset/504380/relocate-upload
http://secunia.com/advisories/47976
http://wordpress.org/extend/plugins/relocate-upload/changelog/
http://www.securityfocus.com/bid/49693
http://osvdb.org/79250
http://plugins.trac.wordpress.org/changeset/504380/relocate-upload
http://secunia.com/advisories/47976
http://wordpress.org/extend/plugins/relocate-upload/changelog/
http://www.securityfocus.com/bid/49693

CWEs

CWE-94

Verify integrity in audit chain (admin only). AS-IS.