CVE-2012-1010

AllWebMenus <1.1.8 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1010. PoCs published by 6Scan.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in the AllWebMenus WordPress Menu Plugin versions < 1.1.9. The vulnerability allows unauthorized users to upload malicious files via the 'actions.php' script due to insufficient input validation and referrer checks.

Description

Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.

Exploits (1)

exploitdb WORKING POC

by 6Scan · textwebappsphp

https://www.exploit-db.com/exploits/18407

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in the AllWebMenus WordPress Menu Plugin versions < 1.1.9. The vulnerability allows unauthorized users to upload malicious files via the 'actions.php' script due to insufficient input validation and referrer checks.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: AllWebMenus WordPress Menu Plugin < 1.1.9

No auth needed

Prerequisites: Access to the target WordPress site · Ability to send HTTP requests to the vulnerable endpoint

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18407

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/51615

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/72640

Product x_refsource_confirm

http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/47659

Scores

EPSS 0.0952

EPSS Percentile 94.8%

Details

CWE

CWE-20

Status published

Products (22)

likno/allwebmenus_plugin 1.0.1

likno/allwebmenus_plugin 1.0.3

likno/allwebmenus_plugin 1.0.4

likno/allwebmenus_plugin 1.0.9

likno/allwebmenus_plugin 1.0.10

likno/allwebmenus_plugin 1.0.11

likno/allwebmenus_plugin 1.0.12

likno/allwebmenus_plugin 1.0.17

likno/allwebmenus_plugin 1.0.18

likno/allwebmenus_plugin 1.0.19

... and 12 more

Published Feb 07, 2012

Tracked Since Feb 18, 2026