Unrestricted File Upload Vulnerability in AllWebMenus Plugin for WordPress
CVE-2012-1010

Currently unrated

Key Information:

Vendor: Wordpress
Status: Allwebmenus Plugin
Vendor: CVE Published:; 7 February 2012

Summary

The AllWebMenus plugin for WordPress prior to version 1.1.9 contains an unrestricted file upload vulnerability. This allows attackers to upload a ZIP file that contains arbitrary PHP code. Once uploaded, they can execute this code by directly accessing it through an unspecified directory. This type of vulnerability poses a significant security threat, enabling malicious users to compromise the server and potentially gain further access to sensitive information.

References

http://www.exploit-db.com/exploits/18407

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/51615

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/72640

vdb-entryx_refsource_XF

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 7, 2012
Vulnerability Reserved
Feb 7, 2012