CVE-2012-10020

9.8 CRITICAL

📋 TL;DR

The FoxyPress WordPress plugin versions up to 0.4.2.1 allow unauthenticated attackers to upload arbitrary files due to missing file type validation in uploadify.php. This vulnerability enables remote code execution by uploading malicious files like PHP shells. Any WordPress site using vulnerable FoxyPress plugin versions is affected.

💻 Affected Systems

Products:
  • WordPress FoxyPress Plugin
Versions: All versions up to and including 0.4.2.1
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default plugin configuration; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through remote code execution, allowing attackers to install backdoors, steal data, deface websites, or use the server for further attacks.

🟠 Likely Case

Attackers upload web shells to gain persistent access, deface websites, or install cryptocurrency miners.

🟢 If Mitigated

File uploads blocked or monitored, preventing successful exploitation while maintaining plugin functionality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Metasploit module available; exploitation requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 0.4.2.2 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/555071

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the FoxyPress plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin immediately.

🔧 Temporary Workarounds

Block uploadify.php access

Platform: linux

Add an .htaccess rule to block access to the vulnerable uploadify.php file (this is Apache 2.2 syntax; on Apache 2.4 without mod_access_compat, use the Require all denied directive instead):

<Files "uploadify.php">
  Order Allow,Deny
  Deny from all
</Files>

Web Application Firewall rule

Platform: all

Block requests to uploadify.php that contain file uploads:

WAF rule: Block POST requests to */wp-content/plugins/foxypress/uploadify.php with file upload content

🧯 If You Can't Patch

  • Immediately deactivate and remove the FoxyPress plugin from all WordPress installations
  • Implement strict file upload validation and monitoring on web server

🔍 How to Verify

Check if Vulnerable:

Check WordPress plugin directory for FoxyPress plugin version <= 0.4.2.1

Check Version:

grep -r "Version:" /path/to/wordpress/wp-content/plugins/foxypress/ | head -1

Verify Fix Applied:

Verify FoxyPress plugin version is 0.4.2.2 or higher, or plugin is completely removed

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-content/plugins/foxypress/uploadify.php
  • File uploads with suspicious extensions (.php, .phtml, .phar)

Network Indicators:

  • HTTP POST to uploadify.php with file upload content
  • Unusual outbound connections from web server after file upload

SIEM Query:

source="web_logs" AND uri="/wp-content/plugins/foxypress/uploadify.php" AND method="POST"
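The log indicators above, turned into a small scanner as an added example (not code from the advisory or from the FoxyPress project). It flags POSTs to the uploadify.php path and any request for a .php/.phtml/.phar file under wp-content/uploads/ (the upload destination is an assumption), then lists source addresses that did both, since a dropped web shell only shows up in an access log when it is fetched afterwards; the sample log lines are constructed.

```python
import re
from typing import Dict, List, Optional, Set

# Apache/nginx "combined" format: ip ident user [time] "METHOD URI PROTO" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
UPLOADIFY_PATH = "/wp-content/plugins/foxypress/uploadify.php"
SUSPICIOUS_EXT = (".php", ".phtml", ".phar")   # extensions named in the advisory
UPLOAD_DIR = "/wp-content/uploads/"            # assumption: where accepted uploads land

def classify(line: str) -> Optional[Dict[str, str]]:
    """Return a hit record for a suspicious access-log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m["uri"].split("?", 1)[0].lower()   # drop query string, case-fold extension
    if m["method"] == "POST" and path.endswith(UPLOADIFY_PATH):
        reason = "upload_attempt"         # multipart body (and filename) is not in the access log
    elif path.startswith(UPLOAD_DIR) and path.endswith(SUSPICIOUS_EXT):
        reason = "executable_in_uploads"  # a dropped file being fetched as a script
    else:
        return None
    return {"ip": m["ip"], "ts": m["ts"], "uri": m["uri"], "status": m["status"], "reason": reason}

def scan(lines: List[str]) -> List[Dict[str, str]]:
    return [h for h in map(classify, lines) if h]

def suspect_sources(hits: List[Dict[str, str]]) -> Set[str]:
    """IPs that both POSTed to uploadify.php and fetched an executable file from uploads."""
    seen: Dict[str, Set[str]] = {}
    for h in hits:
        seen.setdefault(h["ip"], set()).add(h["reason"])
    return {ip for ip, r in seen.items() if {"upload_attempt", "executable_in_uploads"} <= r}

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "POST /wp-content/plugins/foxypress/uploadify.php HTTP/1.1" 200 45 "-" "python-requests/2.31"',
    '203.0.113.9 - - [10/Oct/2023:13:56:03 +0000] "GET /wp-content/uploads/image.PHP HTTP/1.1" 200 310 "-" "python-requests/2.31"',
    '198.51.100.7 - - [10/Oct/2023:13:57:10 +0000] "GET /wp-content/uploads/2023/10/photo.jpg HTTP/1.1" 200 88210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["reason"]} {hit["uri"]} -> {hit["status"]}')
    print("sources to investigate:", suspect_sources(scan(SAMPLE_LOG)))
```

Feed it real lines with `scan(open(path).read().splitlines())`; a 200 status on the uploads fetch is the strongest signal, since a blocked upload or a missing file returns 403/404.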
