CVE-2012-1010

Name of the Vulnerable Software and Affected Versions AllWebMenus plugin versions prior to 1.1.8

Description The issue allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file and then accessing it via a direct request. This is due to an unrestricted file upload vulnerability in the actions.php file of the AllWebMenus plugin for WordPress.

Recommendations For versions prior to 1.1.8, update to version 1.1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the actions.php file to minimize the risk of exploitation. Avoid using the plugin's file upload functionality until the issue is resolved.