Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.
2012-10-24T17:55:02.030
2025-04-11T00:51:21.963
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | videousermanuals | white-label-cms | ≤ 1.5 | Yes |
| Application | videousermanuals | white-label-cms | 1.0.2 | Yes |
| Application | videousermanuals | white-label-cms | 1.0.3 | Yes |
| Application | videousermanuals | white-label-cms | 1.0.4 | Yes |
| Application | videousermanuals | white-label-cms | 1.0.5 | Yes |
| Application | videousermanuals | white-label-cms | 1.1 | Yes |
| Application | videousermanuals | white-label-cms | 1.2 | Yes |
| Application | videousermanuals | white-label-cms | 1.3 | Yes |
| Application | videousermanuals | white-label-cms | 1.4 | Yes |
| Application | videousermanuals | white-label-cms | 1.4.1 | Yes |
| Application | videousermanuals | white-label-cms | 1.4.2 | Yes |
| Application | videousermanuals | white-label-cms | 1.4.3 | Yes |
| Application | videousermanuals | white-label-cms | 1.4.4 | Yes |
| Application | videousermanuals | white-label-cms | 1.4.5 | Yes |
| Application | videousermanuals | white-label-cms | 1.4.6 | Yes |
| Application | videousermanuals | white-label-cms | 1.4.7 | Yes |
| Application | wordpress | wordpress | - | No |