Cross-Site Scripting Vulnerability in White Label CMS Plugin for WordPress
CVE-2012-5388

Currently unrated

Key Information:

Vendor

Wordpress
Status
White-label-cms
Vendor
CVE Published:
24 October 2012

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2012-5388?

The vulnerability in the White Label CMS plugin for WordPress allows authenticated administrators to exploit Cross-Site Scripting (XSS) due to improper handling of the 'wlcms_o_developer_name' parameter. This exploitation occurs during a save action to the wp-admin/admin.php file, enabling remote attackers to inject arbitrary scripts or HTML. The vulnerability poses a risk to websites utilizing this plugin, making it essential for administrators to implement appropriate security measures.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2012-5388 - Proof of Concept

References

http://www.exploit-db.com/exploits/22156/
exploitx_refsource_EXPLOIT-DB
http://wordpress.org/extend/plugins/white-label-cms/chang...
x_refsource_MISC
http://www.securityfocus.com/bid/56166
vdb-entryx_refsource_BID

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.