CVE-2012-5388

Name of the Vulnerable Software and Affected Versions White Label CMS plugin version 1.5 for WordPress

Description A cross-site scripting (XSS) issue allows remote authenticated administrators to inject arbitrary web script or HTML. This is achieved via the wlcms o developer name parameter in a save action to "wp-admin/admin.php".

Recommendations For White Label CMS plugin version 1.5, avoid using the wlcms o developer name parameter in the save action to "wp-admin/admin.php" until the issue is resolved. As a temporary workaround, consider restricting access to the wp-admin/admin.php endpoint to minimize the risk of exploitation.