Vulnerabilities and security researches forwhite-label-cms white-label-cms

Jun 06, 2024

CVE, Research URL: CVE-2012-5388
Home page URL: Security reports for White Label CMS
Application: White Label CMS
Date: Oct 24, 2012
Research Description: Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-4280
Home page URL: Security reports for White Label CMS
Application: White Label CMS
Date: May 14, 2024
Research Description: The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-0422
Home page URL: Security reports for White Label CMS
Application: White Label CMS
Date: Mar 07, 2022
Research Description: The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2012-5387
Home page URL: Security reports for White Label CMS
Application: White Label CMS
Date: Oct 24, 2012
Research Description: Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-4302
Home page URL: Security reports for White Label CMS
Application: White Label CMS
Date: Jan 03, 2023
Research Description: The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
Affected versions: Min -, max -.
Status: vulnerable

Aug 20, 2024

CVE, Research URL: CVE-2024-43303
Home page URL: Security reports for White Label CMS
Application: White Label CMS
Date: Aug 19, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in videousermanuals.Com White Label CMS allows Reflected XSS.This issue affects White Label CMS: from n/a through 2.7.4.
Affected versions: Min -, max -.
Status: vulnerable