5 matches found

WPVulnDB
added 2015/04/29 12:0 a.m., 12 views

White Label CMS <= 1.5.2 - Stored XSS

Due to a lack of CSRF protection and a lack of sanitization of user input, it is possible to trigger a persistent XSS attack via a CSRF attack. This attack targets in particular the Import functionality, which is located in the 'wlcmsImport' function, within the file...

AI score: 0.2
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2012/10/24 5:55 p.m., 12 views

Cross-site request forgery (CSRF)

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.01308
Exploits: 6 | References: 6 | Affected Software: 1

CVE
added 2012/10/24 10:0 a.m., 44 views

CVE-2012-5387

The CVE-2012-5387 entry refers to a CSRF vulnerability in the White Label CMS WordPress plugin (wlcms-plugin.php) before version 1.5.1. The underlying flaw allows remote attackers to hijack administrator authentication by submitting a request to wp-admin/admin.php with the wlcms_o_developer_name ...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.01308
Exploits: 6 | References: 6 | Affected Software: 1

CVE
added 2012/10/24 10:0 a.m., 54 views

CVE-2012-5388

CVE-2012-5388 is an XSS vulnerability in the White Label CMS plugin for WordPress (wlcms-plugin.php) version 1.5. It allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter during a save action to wp-admin/admin.php. This is relat...

CVSS: 3.5 | AI score: 5.5 | EPSS: 0.00845
Exploits: 6 | References: 5 | Affected Software: 1

Patchstack
added 2012/10/15 12:0 a.m., 14 views

WordPress White Label CMS Plugin <= 1.5 - XSS

Because of this vulnerability in wlcms-plugin.php, authenticated administrators can inject arbitrary web script or HTML via the "wlcms_o_developer_name" parameter. Solution: Update the plugin...

CVSS: 3.5 | AI score: 2.1 | EPSS: 0.00845
Exploits: 6 | References: 1 | Affected Software: 1