Description
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.
Exploits (1)
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/79520
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/22156/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/56166
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/files/117590/White-Label-CMS-1.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Patch x_refsource_confirm
http://wordpress.org/extend/plugins/white-label-cms/changelog/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/86568
Scores
EPSS
0.0131
EPSS Percentile
79.9%
Details
CWE
CWE-352
Status
published
Products (16)
videousermanuals/white-label-cms
1.0.2
videousermanuals/white-label-cms
1.0.3
videousermanuals/white-label-cms
1.0.4
videousermanuals/white-label-cms
1.0.5
videousermanuals/white-label-cms
1.1
videousermanuals/white-label-cms
1.2
videousermanuals/white-label-cms
1.3
videousermanuals/white-label-cms
1.4
videousermanuals/white-label-cms
1.4.1
videousermanuals/white-label-cms
1.4.2
... and 6 more
Published
Oct 24, 2012
Tracked Since
Feb 18, 2026