VYPR

White Label CMS

by WordPress

Source repositories

CVEs (6)

  • CVE-2022-4302HigJan 2, 2023
    risk 0.48cvss 7.2epss 0.18

    The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

  • CVE-2024-43303HigAug 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in videousermanuals.Com White Label CMS allows Reflected XSS.This issue affects White Label CMS: from n/a through 2.7.4.

  • CVE-2022-0422MedMar 7, 2022
    risk 0.33cvss 6.1epss 0.08

    The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue

  • CVE-2024-4280MedMay 14, 2024
    risk 0.27cvss 5.3epss 0.00

    The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings.

  • CVE-2012-5388Oct 24, 2012
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a…

  • CVE-2012-5387Oct 24, 2012
    risk 0.03cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name…