Unrestricted File Upload Vulnerability in AllWebMenus Plugin for WordPress
CVE-2012-1010

Currently unrated

Key Information:

Vendor

Wordpress
Status
Allwebmenus Plugin
Vendor
CVE Published:
7 February 2012

What is CVE-2012-1010?

The AllWebMenus plugin for WordPress prior to version 1.1.9 contains an unrestricted file upload vulnerability. This allows attackers to upload a ZIP file that contains arbitrary PHP code. Once uploaded, they can execute this code by directly accessing it through an unspecified directory. This type of vulnerability poses a significant security threat, enabling malicious users to compromise the server and potentially gain further access to sensitive information.

References

http://www.exploit-db.com/exploits/18407
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/51615
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/72640
vdb-entryx_refsource_XF

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.