Unrated severityNVD Advisory· Published Feb 7, 2012· Updated Apr 29, 2026
CVE-2012-1011
CVE-2012-1011
Description
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
Affected products
1- cpe:2.3:a:likno:allwebmenus_plugin:1.1.8:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/nvdPatch
- archives.neohapsis.com/archives/bugtraq/2012-01/0137.htmlnvdExploit
- www.exploit-db.com/exploits/18407nvdExploit
- secunia.com/advisories/47659nvdVendor Advisory
- www.securityfocus.com/bid/51615nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/72640nvd
News mentions
0No linked articles in our index yet.