VIR Vulnerability Intelligence Relay

CVE-2012-1785

high
Published 2012-03-19 · Modified 2026-04-29
CVSS v3
CVSS v2
7.5
VIR risk
7.5

Description

kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/48087

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://plugins.trac.wordpress.org/changeset?old_path=%2Fvideo-embed-thumbnail-generator&old=507924&new_path=%2Fvideo-embed-thumbnail-generator&new=507924

Application impact
VendorProductVersionsFixed
kylegilmanvideo_embed_\&_thumbnail_generator{"endIncluding":"1.1"}
kylegilmanvideo_embed_\&_thumbnail_generator0.2
kylegilmanvideo_embed_\&_thumbnail_generator0.2.1
kylegilmanvideo_embed_\&_thumbnail_generator1.0
kylegilmanvideo_embed_\&_thumbnail_generator1.0.1
kylegilmanvideo_embed_\&_thumbnail_generator1.0.2
kylegilmanvideo_embed_\&_thumbnail_generator1.0.3
kylegilmanvideo_embed_\&_thumbnail_generator1.0.4
kylegilmanvideo_embed_\&_thumbnail_generator1.0.5
wordpress wordpresswordpress

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.