cleantalk
Vulnerabilities and Security Researches

Front-end Editor, CVE-2012-10019

CVE, Research URL

CVE-2012-10019

Home page URL

Security reports for Front-end Editor

Application

Front-end Editor

Published on
Jul 19, 2025
Research Description
The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Affected versions
Min -, max 2.3.
Status
vulnerable
Previous vulnerability researches
Shipmondo – A complete shipping solution for WooCommerce (CVE-2025-27001) , Apr 02, 2025
New vulnerability
Temporarily Hidden Content (CVE-2025-7658) , Jul 21, 2025
Testimonial Post type (CVE-2025-5800) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7369) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7354) , Jul 21, 2025
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7697) , Jul 21, 2025