CVE-2012-10020

CRITICAL

FoxyPress <= 0.4.2.1 - Unauthenticated Arbitrary File Upload via uploadify.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-10020. PoCs published by Sammy FORGIT, aushack, including Metasploit module exploits/unix/webapp/wp_foxypress_upload.

AI-analyzed exploit summary This Metasploit module exploits an arbitrary file upload vulnerability in the WordPress Foxypress plugin (versions 0.4.1.1 to 0.4.2.1) via the uploadify.php script, allowing remote code execution by uploading a malicious PHP file.

Description

The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to, and including, 0.4.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Exploits (1)

metasploit WORKING POC EXCELLENT
by Sammy FORGIT, aushack · rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_foxypress_upload.rb

This Metasploit module exploits an arbitrary file upload vulnerability in the WordPress Foxypress plugin (versions 0.4.1.1 to 0.4.2.1) via the uploadify.php script, allowing remote code execution by uploading a malicious PHP file.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WordPress Foxypress plugin 0.4.1.1 - 0.4.2.1
No auth needed
Prerequisites: Target must have the vulnerable Foxypress plugin installed and accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 9.8
EPSS 0.8007
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-434
Status published
Products (2)
webmovementllc/foxypress < 0.4.2.1
WebMovementLLC/FoxyPress < 0.4.2.2
Published Jul 22, 2025
Tracked Since Feb 18, 2026