CVE-2012-5318
medium
CVSS v3: —
CVSS v2: 6.8
VIR risk: 6.8
Description
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/47688
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| kishore_asokan | kish_guest_posting_plugin | 1.2 | |
| wordpress | wordpress | - | |
References