Cross-Site Request Forgery Vulnerability in White Label CMS Plugin for WordPress
CVE-2012-5387
Currently unrated
Summary
A cross-site request forgery (CSRF) vulnerability exists in the wlcms-plugin.php file of the White Label CMS plugin for WordPress prior to version 1.5.1. Remote attackers can exploit this flaw to hijack the authentication of administrators. A specially crafted request can modify the developer name through the ‘wlcms_o_developer_name’ parameter during a save action to wp-admin/admin.php. The modified developer name can carry XSS sequences, potentially compromising the security of the WordPress installation.
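The two controls whose absence the summary describes, a request-origin check on the save action and escaping of the stored developer name, are sketched below as an added example; it is not the plugin's code or its 1.5.1 fix. Only the `wlcms_o_developer_name` parameter and the `save` action come from the advisory; the function names, nonce names, page slug and the use of that parameter name as the option key are assumptions.

```php
<?php
// Added illustration, not code from White Label CMS. Names prefixed
// "wlcms_demo" and the page slug are hypothetical; storing the value under
// an option key equal to the parameter name is also an assumption.
const WLCMS_DEMO_NONCE_ACTION = 'wlcms_demo_save_settings';
const WLCMS_DEMO_NONCE_FIELD  = 'wlcms_demo_nonce';

// Settings form: embeds a per-user, per-action token that a forged
// cross-site request cannot supply.
function wlcms_demo_render_form() {
    $name = get_option( 'wlcms_o_developer_name', '' );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin.php?page=wlcms-demo' ) ) . '">';
    wp_nonce_field( WLCMS_DEMO_NONCE_ACTION, WLCMS_DEMO_NONCE_FIELD );
    echo '<input type="hidden" name="action" value="save">';
    // esc_attr() keeps a stored value from breaking out of the attribute.
    echo '<input type="text" name="wlcms_o_developer_name" value="' . esc_attr( $name ) . '">';
    submit_button();
    echo '</form>';
}

// Save handler: authorization first, then the CSRF token, then input cleanup.
function wlcms_demo_handle_save() {
    if ( ! isset( $_POST['action'] ) || 'save' !== $_POST['action'] ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Terminates the request when the nonce is missing or invalid.
    check_admin_referer( WLCMS_DEMO_NONCE_ACTION, WLCMS_DEMO_NONCE_FIELD );

    $raw = isset( $_POST['wlcms_o_developer_name'] )
        ? wp_unslash( $_POST['wlcms_o_developer_name'] )
        : '';
    // sanitize_text_field() strips tags, so markup never reaches the database.
    update_option( 'wlcms_o_developer_name', sanitize_text_field( $raw ) );
}
add_action( 'admin_init', 'wlcms_demo_handle_save' );

// Output: escape again at render time, so a value stored before the fix
// (or written by another code path) is displayed as text, not markup.
function wlcms_demo_footer_text() {
    return 'Developed by ' . esc_html( get_option( 'wlcms_o_developer_name', '' ) );
}
```

The nonce check closes the CSRF path, and the output escaping limits the impact if a malicious name was already stored before upgrading.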