CVE-2012-5387

Опубликовано: 24 окт. 2012

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:videousermanuals:white-label-cms:*:*:*:*:*:*:*:*

Версия до 1.5 (включая)

cpe:2.3:a:videousermanuals:white-label-cms:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.1:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.2:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.3:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.4:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.4.6:*:*:*:*:*:*:*

cpe:2.3:a:videousermanuals:white-label-cms:1.4.7:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01199

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-f4fw-rj48-wj4q

github

около 3 лет назад