CVE-2012-1010

Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:P/I:P/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
liknoallwebmenus_plugin
𝑥
≤ 1.1.7
liknoallwebmenus_plugin
1.0.1
liknoallwebmenus_plugin
1.0.3
liknoallwebmenus_plugin
1.0.4
liknoallwebmenus_plugin
1.0.9
liknoallwebmenus_plugin
1.0.10
liknoallwebmenus_plugin
1.0.11
liknoallwebmenus_plugin
1.0.12
liknoallwebmenus_plugin
1.0.17
liknoallwebmenus_plugin
1.0.18
liknoallwebmenus_plugin
1.0.19
liknoallwebmenus_plugin
1.0.20
liknoallwebmenus_plugin
1.0.21
liknoallwebmenus_plugin
1.0.22
liknoallwebmenus_plugin
1.0.23
liknoallwebmenus_plugin
1.0.24
liknoallwebmenus_plugin
1.1.1
liknoallwebmenus_plugin
1.1.2
liknoallwebmenus_plugin
1.1.3
liknoallwebmenus_plugin
1.1.4
liknoallwebmenus_plugin
1.1.5
liknoallwebmenus_plugin
1.1.6
𝑥
= Vulnerable software versions