Cross-Site Request Forgery Vulnerability in White Label CMS Plugin for WordPress
CVE-2012-5387

Currently unrated

Key Information:

Vendor

Wordpress
Status
White-label-cms
Vendor
CVE Published:
24 October 2012

What is CVE-2012-5387?

A cross-site request forgery (CSRF) vulnerability exists in the wlcms-plugin.php file of the White Label CMS plugin for WordPress prior to version 1.5.1. This flaw can be exploited by remote attackers who can hijack the authentication of administrators. By sending a specially crafted request, attackers can modify the developer name using the ‘wlcms_o_developer_name’ parameter during a save action to wp-admin/admin.php. This attack can inject XSS sequences, potentially compromising the security of the WordPress installation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/79520
vdb-entryx_refsource_XF
http://www.exploit-db.com/exploits/22156/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/56166
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.