ThreatPress

WordPress Vulnerabilities Database

Back

WordPress White Label CMS Plugin <= 1.5 - XSS

Product
White Label CMS
Description
Because of this vulnerability in wlcms-plugin.php, the authenticated administrators can inject arbitrary web script or HTML via the "wlcms_o_developer_name" parameter.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2012-5388
Versions
Affected In <= 1.5
Fixed In 1.6
Disclosure date
2012-10-15
Credits
pcsjj