CVE-2012-10020 – FoxyPress WordPress Arbitrary File Upload Vulnerability

July 22, 2025

CVE ID : CVE-2012-10020

Published : July 22, 2025, 2:15 a.m. | 22 hours, 29 minutes ago

Description : The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to, and including, 0.4.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2015-10137 – WordPress Website Contact Form With File Upload Remote Code Execution (RCE)

Next Article CVE-2025-52362 – PHProxy SSRF

Highlights

CVE-2025-47285 – Vyper Ethereum Virtual Machine Side-Effect Evaluation Vulnerability

May 15, 2025

CVE ID : CVE-2025-47285

Published : May 15, 2025, 6:15 p.m. | 1 hour, 45 minutes ago

Description : Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, `concat()` may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero. In practice, it would be very unusual in user code to construct zero-length bytestrings using an expression with side-effects, since zero-length bytestrings are typically constructed with the empty literal `b””`; the only way to construct an empty bytestring which has side effects would be with the ternary operator introduced in v0.3.8, e.g. `b”” if self.do_some_side_effect() else b””`. The fix is available in pull request 4644 and expected to be part of the 0.4.2 release. As a workaround, don’t have side effects in expressions which construct zero-length bytestrings.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

Is Lenovo’s refreshed LOQ tower enough to compete? New OLED monitors raise the stakes at IFA 2025

External Forces Reshaping Financial Services in 2025 and Beyond

External Forces Reshaping Financial Services in 2025 and Beyond

Why It’s Time to Move from SharePoint On-Premises to SharePoint Online

Apple’s Big Move: The Future of Mobile

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

CVE-2012-10020 – FoxyPress WordPress Arbitrary File Upload Vulnerability

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

CVE-2025-3577 – Zyxel AMG1302-T10B Path Traversal Vulnerability

45 Visual Studio Code Shortcuts for Boosting Your Productivity

CVE-2025-49851 – ControlID iDSecure Authentication Bypass

CVE-2025-45513 – Tenda FH451 Stack Overflow Vulnerability

CVE-2025-47285 – Vyper Ethereum Virtual Machine Side-Effect Evaluation Vulnerability

CVE-2025-4037 – Code-Projects ATM Banking Business Logic Error

CVE-2025-49595 – n8n Denial of Service (DoS) Vulnerability

The big VPN choice: System-wide or just in the browser? How to decide

CVE-2012-10020 – FoxyPress WordPress Arbitrary File Upload Vulnerability

Related Posts