cleantalk
Vulnerabilities and Security Researches

Front-end Editor, CVE-2012-10019

CVE, Research URL

CVE-2012-10019

Home page URL

Security reports for Front-end Editor

Application

Front-end Editor

Published on
Jul 19, 2025
Research Description
The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Affected versions
Min -, max 2.3.
Status
vulnerable
Previous vulnerability researches
FG Drupal to WordPress (CVE-2025-48294) , Jul 18, 2025
FG Drupal to WordPress (CVE-2024-31247) , Jun 07, 2024
FG Drupal to WordPress (CVE-2024-24837) , Jun 07, 2024
New vulnerability
Temporarily Hidden Content (CVE-2025-7658) , Jul 21, 2025
Testimonial Post type (CVE-2025-5800) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7369) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7354) , Jul 21, 2025
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7697) , Jul 21, 2025