MidnightBSD

Advisories for likno

CVE-2011-3981 HIGH

PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
likno allwebmenus_plugin 1.1.3
CVE-2012-1010 HIGH

Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
likno allwebmenus_plugin 1.0.12
likno allwebmenus_plugin 1.0.11
likno allwebmenus_plugin 1.0.19
likno allwebmenus_plugin 1.1.5
likno allwebmenus_plugin 1.0.3
likno allwebmenus_plugin 1.0.23
likno allwebmenus_plugin 1.0.24
likno allwebmenus_plugin 1.0.4
likno allwebmenus_plugin 1.0.17
likno allwebmenus_plugin 1.0.18
likno allwebmenus_plugin 1.0.22
likno allwebmenus_plugin 1.0.10
likno allwebmenus_plugin 1.1.1
likno allwebmenus_plugin 1.1.2
likno allwebmenus_plugin 1.1.6
likno allwebmenus_plugin 1.0.9
likno allwebmenus_plugin 1.0.21
likno allwebmenus_plugin 1.1.4
likno allwebmenus_plugin *
likno allwebmenus_plugin 1.0.20
likno allwebmenus_plugin 1.1.3
likno allwebmenus_plugin 1.0.1
CVE-2012-1011 HIGH

actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
likno allwebmenus_plugin 1.1.8