ThreatPress

WordPress Vulnerabilities Database

WordPress White Label CMS Plugin <= 1.5.0 - CSRF

Product
White Label CMS
Description
A CSRF vulnerability in wlcms-plugin.php allows attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php.
Solution
Update the plugin.
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
CVE Mitre
CVE Name: CVE-2012-5387
Versions
Affected In: <= 1.5.0
Fixed In: 1.5.1
Disclosure date
2012-10-15
Credits
pcsjj