
CVE-2012-5387

Published: 24/10/2012 Updated: 29/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin prior to 1.5.1 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.

Vulnerable Product

videousermanuals white-label-cms 1.4.1

videousermanuals white-label-cms 1.4

videousermanuals white-label-cms 1.0.2

videousermanuals white-label-cms 1.4.3

videousermanuals white-label-cms 1.4.2

videousermanuals white-label-cms 1.0.4

videousermanuals white-label-cms 1.0.3

videousermanuals white-label-cms

videousermanuals white-label-cms 1.4.7

videousermanuals white-label-cms 1.3

videousermanuals white-label-cms 1.2

videousermanuals white-label-cms 1.4.6

videousermanuals white-label-cms 1.4.5

videousermanuals white-label-cms 1.4.4

videousermanuals white-label-cms 1.1

videousermanuals white-label-cms 1.0.5

Exploits

# Exploit Title: White Label CMS v 15 CSRF w/ persistent XSS
# Date: 21/10/2012
# Exploit Author: pcsjj
# Vendor Homepage: www.videousermanuals.com/white-label-cms/
# Version: 15
# Software Link: plugins.svn.wordpress.org/white-label-cms/branches/
# Downloads: 110,313
# CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)
<html> & ...
White Label CMS version 15 suffers from cross site request forgery and cross site scripting vulnerabilities ...