CVE-2012-10025 – “WordPress Advanced Custom Fields RFI Remote Code Execution”

August 5, 2025

CVE ID : CVE-2012-10025

Published : Aug. 5, 2025, 8:15 p.m. | 3 hours, 10 minutes ago

Description : The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acf_abspath POST parameter to include and execute arbitrary remote PHP code. This leads to remote code execution under the web server’s context, allowing full compromise of the host.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2012-10026 – “WordPress Asset-Manager Unauthenticated Remote Code Execution Vulnerability”

Next Article CVE-2012-10024 – XBMC HTTP Server Path Traversal Vulnerability

Highlights

CVE-2025-4516 – CPython Bytes Decode Unicode Escape Vulnerability

May 15, 2025

CVE ID : CVE-2025-4516

Published : May 15, 2025, 2:15 p.m. | 1 hour, 2 minutes ago

Description : There is an issue in CPython when using `bytes.decode(“unicode_escape”, error=”ignore|replace”)`. If you are not using the “unicode_escape” encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

Student Performance Prediction System using Python Machine Learning (ML)

Student Performance Prediction System using Python Machine Learning (ML)

The attack on the npm ecosystem continues

Feature Highlight

Hyprland Made Easy: Preconfigured Beautiful Distros

Hyprland Made Easy: Preconfigured Beautiful Distros

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

CVE-2012-10025 – “WordPress Advanced Custom Fields RFI Remote Code Execution”

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2024-45347 – Xiaomi Mi Connect Service APP Unauthorized Access Vulnerability

AI is changing the rental car return experience – and it could cost you

Rilasciato FreeDOS 1.4: Un aggiornamento importante per il sistema operativo compatibile con MS-DOS

CVE-2025-48699 – Apache Unintended Exposure

CVE-2025-4516 – CPython Bytes Decode Unicode Escape Vulnerability

OpenAI goes all in on hardware, will buy Jony Ive’s AI startup

Generate awesome open graph images with Open Graphy

This phone case sprays hand sanitizer, and it’s an odd essential I take everywhere

CVE-2012-10025 – “WordPress Advanced Custom Fields RFI Remote Code Execution”

Related Posts