Likno : Security Vulnerabilities, CVEs, CVSS score >= 4
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
Max CVSS
7.5
EPSS Score
3.63%
Published
2012-02-07
Updated
2017-08-29
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
Max CVSS
7.5
EPSS Score
1.93%
Published
2012-02-07
Updated
2017-08-29
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
Max CVSS
7.5
EPSS Score
4.16%
Published
2011-10-04
Updated
2017-08-29
3 vulnerabilities found