CVE-2012-1010
published 2012-02-07


Priority: P2 (60)
Severity: high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploit: available
EPSS: 9.52% (94.8th percentile)
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.

Affected

22 ranges

Vendor   Product               Version range   Fixed in
likno    allwebmenus_plugin    <= 1.1.7        1.1.8

Detection & IOCs (extracted from sources)

path: actions.php
url: wp-admin/options-general.php?page=allwebmenus-wordpress-menu-plugin/allwebmenus-wordpress-menu.php
  • Detect ZIP file upload requests to actions.php in the AllWebMenus WordPress plugin; a ZIP containing a PHP file is the exploit delivery mechanism.
  • Monitor HTTP requests where the Referer header is set to 'wp-admin/options-general.php?page=allwebmenus-wordpress-menu-plugin/allwebmenus-wordpress-menu.php' combined with a file upload action; this is the spoofed referrer the exploit requires.
  • Alert on unauthenticated or low-privilege POST requests to actions.php within the AllWebMenus plugin path, particularly those uploading files named awm.zip.
  • Version 1.1.8 added a Referer check as a partial mitigation, but it can be bypassed by spoofing the HTTP_REFERER header; patching to >= 1.1.8 alone is insufficient if the upload endpoint remains exposed.
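A defender-side check for the heuristics above, added here as an example and not taken from the page's sources: structured request records (as a reverse proxy or WAF might log them) are matched against the per-request indicators, and clients that upload to actions.php and then directly request a .php file under the plugin directory are correlated. The plugin install path, the record fields and the sample traffic are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed plugin install path; the advisory leaves the upload directory unspecified.
PLUGIN_DIR = "/wp-content/plugins/allwebmenus-wordpress-menu-plugin/"
UPLOAD_ENDPOINT = PLUGIN_DIR + "actions.php"
ADMIN_PAGE = ("wp-admin/options-general.php?page=allwebmenus-wordpress-menu-plugin/"
              "allwebmenus-wordpress-menu.php")
FOLLOW_UP_WINDOW = 600  # seconds between an upload and the direct .php request

@dataclass
class Request:
    ts: int                     # epoch seconds
    client: str
    method: str
    path: str
    referer: str
    upload_name: Optional[str]  # multipart filename, if the proxy/WAF records it
    authenticated: bool         # valid WordPress session present

def classify(req: Request) -> list[str]:
    """Names of the per-request heuristics from the Detection section that match."""
    hits = []
    if req.method == "POST" and req.path == UPLOAD_ENDPOINT:
        name = (req.upload_name or "").lower()
        if name.endswith(".zip"):
            hits.append("zip-upload-to-actions.php")
        if name == "awm.zip":
            hits.append("awm.zip-upload")
        if ADMIN_PAGE in req.referer:
            # A legitimate admin session sends the same Referer, so on its own
            # this only confirms the header the exploit has to spoof is present.
            hits.append("admin-referer-with-upload")
        if not req.authenticated:
            hits.append("unauthenticated-post-to-actions.php")
    return hits

def correlate(reqs: list[Request]) -> dict[str, list[str]]:
    """Per client: an upload to actions.php followed, within the window, by a direct
    GET of a .php file under the plugin directory (the advisory's second step)."""
    findings: dict[str, list[str]] = {}
    for up in (r for r in reqs if r.method == "POST" and r.path == UPLOAD_ENDPOINT):
        for r in reqs:
            if (r.client == up.client and r.method == "GET" and r.path != UPLOAD_ENDPOINT
                    and r.path.startswith(PLUGIN_DIR) and r.path.lower().endswith(".php")
                    and 0 <= r.ts - up.ts <= FOLLOW_UP_WINDOW):
                findings.setdefault(up.client, []).append(r.path)
    return findings

# Constructed sample traffic, not a real capture.
SAMPLE = [
    Request(1000, "203.0.113.7", "POST", UPLOAD_ENDPOINT, "http://blog.test/" + ADMIN_PAGE, "awm.zip", False),
    Request(1030, "203.0.113.7", "GET", PLUGIN_DIR + "menus/dropped.php", "-", None, False),
    Request(2000, "198.51.100.4", "POST", UPLOAD_ENDPOINT, "http://blog.test/" + ADMIN_PAGE, "awm.zip", True),
]
```

The authenticated admin upload still matches the ZIP and Referer heuristics; the unauthenticated upload followed by the direct .php request is what the correlation step singles out.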