WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress White Label CMS Plugin prior to 2.2.9, which stems from the plugin’s failure to clean and validate the wlcms[_login_custom_js] parameter. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress white label cms plugin | lt | 2.2.9 |