6Scan security team

5 exploits Active since Jan 2012
CVE-2012-1010 EXPLOITDB text WORKING POC
AllWebMenus <1.1.8 - Code Injection
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
CVE-2012-0895 EXPLOITDB text WORKING POC
WordPress <3.1.1 - XSS
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
CVE-2012-1011 EXPLOITDB text WORKING POC
AllWebMenus 1.1.8 - Auth Bypass
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
CVE-2012-0896 EXPLOITDB text WORKING POC
WordPress <3.1.1 - Path Traversal
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
EIP-2026-113879 EXPLOITDB text WORKING POC
WordPress Plugin Mailing List - Arbitrary File Download