Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin prior to 1.5.1 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
videousermanuals white-label-cms 1.4.1 |
||
videousermanuals white-label-cms 1.4 |
||
videousermanuals white-label-cms 1.0.2 |
||
videousermanuals white-label-cms 1.4.3 |
||
videousermanuals white-label-cms 1.4.2 |
||
videousermanuals white-label-cms 1.0.4 |
||
videousermanuals white-label-cms 1.0.3 |
||
videousermanuals white-label-cms |
||
videousermanuals white-label-cms 1.4.7 |
||
videousermanuals white-label-cms 1.3 |
||
videousermanuals white-label-cms 1.2 |
||
videousermanuals white-label-cms 1.4.6 |
||
videousermanuals white-label-cms 1.4.5 |
||
videousermanuals white-label-cms 1.4.4 |
||
videousermanuals white-label-cms 1.1 |
||
videousermanuals white-label-cms 1.0.5 |