← back
CVE-2020-12800

CVE-2020-12800

EPSS 78.8%◆ VulnCheck KEV
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 78.8%KEV nãoPoC públicaNuclei simMetasploit simPatch
Lifecycle
11 May 2020Metasploit module available
15 May 2020Public PoC
08 Jun 2020Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.