PT-2026-57409 · WordPress · White Label Cms
Tal Kantor
·
Published
2026-07-11
·
Updated
2026-07-11
·
CVE-2026-11898
CVSS v3.1
4.4
Medium
| Vector | AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
White Label CMS versions prior to 2.7.13
Description
Stored Cross-Site Scripting occurs via admin settings due to insufficient input sanitization and output escaping. Authenticated attackers with administrator-level permissions or higher can inject arbitrary web scripts into pages. These scripts execute when a user accesses the affected page. This issue specifically impacts multi-site installations and environments where
unfiltered html has been disabled.Recommendations
Update White Label CMS to version 2.7.13 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
White Label Cms