AllWebMenus plugin is prone to a arbitrary file upload vulnerability that occurs because the application fails to adequately clean up user-supplied input. Lack of checks in script actions.php allows an attacker to upload upload any file to the vulnerable server. Other attacks are also possible.
Upgrade the plugin.