Description
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
Exploits (1)
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69929
Patch x_refsource_confirm
http://plugins.trac.wordpress.org/changeset/438959/allwebmenus-wordpress-menu-plugin/trunk/actions.php?old=408304&old_path=allwebmenus-wordpress-menu-plugin%2Ftrunk%2Factions.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49685
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/17861
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46068
Scores
EPSS
0.0296
EPSS Percentile
86.5%
Details
CWE
CWE-94
Status
published
Products (1)
likno/allwebmenus_plugin
1.1.3
Published
Oct 04, 2011
Tracked Since
Feb 18, 2026