The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin...
5.3CVSS
6.6AI Score
0.0005EPSS
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is...
7.2CVSS
7.1AI Score
0.001EPSS
The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting...
6.1CVSS
6AI Score
0.001EPSS
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action.....
6.5AI Score
0.006EPSS
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to...
5.5AI Score
0.006EPSS