Unrated severityNVD Advisory· Published Jun 17, 2012· Updated Jun 16, 2026
CVE-2012-3578
CVE-2012-3578
Description
Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:wordpress:fcchat_widget:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wordpress:fcchat_widget:*:*:*:*:*:*:*:*range: <=2.2.13.1
- (no CPE)range: <=2.2.13.1
Patches
Vulnerability mechanics
References
5- packetstormsecurity.org/files/113323/WordPress-FCChat-Widget-2.x-Shell-Upload.htmlnvdExploit
- www.opensyscom.fr/Actualites/wordpress-plugins-fcchat-widget-shell-upload-vulnerability.htmlnvdExploit
- www.securityfocus.com/bid/53855nvdExploit
- secunia.com/advisories/49419nvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/76123nvd
News mentions
0No linked articles in our index yet.