CVE-2012-5387

Currently unrated

Key Information:

Vendor: Wordpress
Status: White-label-cms
Vendor: CVE Published:; 24 October 2012

Summary

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/79520

vdb-entryx_refsource_XF

http://www.exploit-db.com/exploits/22156/

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/56166

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 24, 2012
Vulnerability Reserved
Oct 15, 2012