CVE-2012-5387

by Fred · 24/10/2012

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.

Date published : 2012-10-24

http://www.securityfocus.com/bid/56166

http://wordpress.org/extend/plugins/white-label-cms/changelog/

CVE-2012-5387

Similar

Recent Posts

Categories

CVE-2012-5387

Share this:

Similar

Recent Posts

Categories

Tags