Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin prior to 1.1.8 for WordPress allows remote malicious users to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
likno allwebmenus_plugin 1.0.12 |
||
likno allwebmenus_plugin 1.0.17 |
||
likno allwebmenus_plugin 1.1.1 |
||
likno allwebmenus_plugin 1.1.2 |
||
likno allwebmenus_plugin 1.0.10 |
||
likno allwebmenus_plugin 1.0.11 |
||
likno allwebmenus_plugin 1.0.23 |
||
likno allwebmenus_plugin 1.0.24 |
||
likno allwebmenus_plugin |
||
likno allwebmenus_plugin 1.0.4 |
||
likno allwebmenus_plugin 1.0.9 |
||
likno allwebmenus_plugin 1.0.21 |
||
likno allwebmenus_plugin 1.0.22 |
||
likno allwebmenus_plugin 1.1.5 |
||
likno allwebmenus_plugin 1.1.6 |
||
likno allwebmenus_plugin 1.0.1 |
||
likno allwebmenus_plugin 1.0.3 |
||
likno allwebmenus_plugin 1.0.18 |
||
likno allwebmenus_plugin 1.0.19 |
||
likno allwebmenus_plugin 1.0.20 |
||
likno allwebmenus_plugin 1.1.3 |
||
likno allwebmenus_plugin 1.1.4 |