[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnjOqPtlgr2PCfLxRbPyXAlY2se8KmWt_jJYyXr1TdOU":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2012-1011","allwebmenus-wordpress-menu-plugin-arbitrary-file-upload","AllWebMenus WordPress Menu Plugin \u003C= 1.1.8 - Arbitrary File Upload","The \"AllWebMenus WordPress Menu Plugin\" plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the actions.php file in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. In versions 1.1.8, it's required to set the HTTP_REFERER to a certain value in order to bypass the referer protection added in v1.1.8.","allwebmenus-wordpress-menu-plugin",null,"\u003C=1.1.8","1.1.9","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2012-01-22 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5754ffd6-81bb-491b-9272-627e8c52a22c?source=api-prod",4384]