PT-2012-5969 · WordPress · White Label Cms
Pcsjj · Published 2012-10-24 · Updated 2017-08-29 · CVE-2012-5387
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: White Label CMS plugin for WordPress, versions prior to 1.5.1
Description: A cross-site request forgery (CSRF) vulnerability in the White Label CMS plugin before 1.5.1 allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to "wp-admin/admin.php". The save action does not require a request-specific token (a WordPress nonce), so an administrator who is logged in and visits an attacker-controlled page can be made to submit the request without any interaction beyond loading the page. Because the submitted developer name is stored and later rendered without escaping, the forged request can carry XSS sequences in the developer name, turning the CSRF into a stored cross-site scripting issue that executes in the browser of anyone who views the branded page.
Recommendations: For versions prior to 1.5.1, update to version 1.5.1 or later, which resolves the issue. There is no configuration-level fix for a missing anti-CSRF check, so until the update is applied either deactivate the plugin or reduce exposure: restrict "wp-admin/" to trusted networks (IP allow-list or HTTP authentication at the web server) and have administrators log out before browsing untrusted sites. Note that restricting access to "wp-admin/admin.php" on its own does not stop CSRF, because the forged request is issued by the administrator's own browser from inside the allowed network and session. After updating, review the stored developer name for injected markup.
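The fix pattern for this class of bug, as an added illustration that is not the White Label CMS plugin's own code: a hypothetical WordPress settings handler for an option named wlcms_o_developer_name (the parameter from CVE-2012-5387). The commented-out "before" block shows the shape of a save action that trusts any POST and stores the value raw; the hardened version adds a capability check, a nonce bound to the action and the user, input sanitisation and output escaping. Function names prefixed wlcms_example_ and the use of admin-post.php instead of admin.php are assumptions made for the example.

```php
<?php
/**
 * Hypothetical settings handler written for this advisory; NOT the
 * White Label CMS plugin's code. Stores the option "wlcms_o_developer_name".
 */

// --- Vulnerable pattern (for contrast only; do not use) -------------------
// if ( isset( $_POST['wlcms_o_developer_name'] ) ) {
//     // No nonce: any page the administrator visits can forge this POST.
//     // No sanitisation: "<script>..." in the name is stored verbatim.
//     update_option( 'wlcms_o_developer_name', $_POST['wlcms_o_developer_name'] );
// }
// echo 'Developed by ' . get_option( 'wlcms_o_developer_name' ); // rendered unescaped

// --- Hardened pattern ------------------------------------------------------

const WLCMS_EXAMPLE_NONCE_ACTION = 'wlcms_example_save_developer';
const WLCMS_EXAMPLE_NONCE_FIELD  = '_wlcms_example_nonce';

/** Render the settings form with a nonce tied to this action and user. */
function wlcms_example_render_form() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    $current = get_option( 'wlcms_o_developer_name', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="wlcms_example_save">
        <?php wp_nonce_field( WLCMS_EXAMPLE_NONCE_ACTION, WLCMS_EXAMPLE_NONCE_FIELD ); ?>
        <label>Developer name
            <input type="text" name="wlcms_o_developer_name"
                   value="<?php echo esc_attr( $current ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

/** Save handler, reached via admin-post.php?action=wlcms_example_save. */
function wlcms_example_save() {
    // 1. Authorisation: only users who may manage options can change branding.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: the request must carry a valid nonce for this action. A forged
    //    cross-site POST cannot include one, so check_admin_referer() dies here.
    check_admin_referer( WLCMS_EXAMPLE_NONCE_ACTION, WLCMS_EXAMPLE_NONCE_FIELD );

    // 3. Input validation: strip tags and control characters, cap the length.
    $name = isset( $_POST['wlcms_o_developer_name'] )
        ? sanitize_text_field( wp_unslash( $_POST['wlcms_o_developer_name'] ) )
        : '';
    $name = mb_substr( $name, 0, 100 );

    update_option( 'wlcms_o_developer_name', $name );

    $back = wp_get_referer();
    wp_safe_redirect( $back ? add_query_arg( 'updated', '1', $back ) : admin_url() );
    exit;
}
add_action( 'admin_post_wlcms_example_save', 'wlcms_example_save' );

/** Output: escape at render time even though the stored value was sanitised. */
function wlcms_example_footer_credit() {
    $name = get_option( 'wlcms_o_developer_name', '' );
    if ( '' !== $name ) {
        echo '<p class="wlcms-credit">Developed by ' . esc_html( $name ) . '</p>';
    }
}
add_action( 'admin_footer', 'wlcms_example_footer_credit' );
```

The nonce check alone closes the CSRF; sanitisation and esc_html() close the XSS the advisory describes, and both are kept because a stored value may later be written by other code paths. check_admin_referer() also validates the HTTP Referer only as a fallback when the nonce is missing, so the nonce field is what actually protects the action.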

Tags: Exploit · Fix · CSRF



Related Identifiers: CVE-2012-5387
Affected Products: White Label Cms