WordPress White Label CMS Plugin HTML Injection and Cross Site Request Forgery Vulnerabilities

White Label CMS plugin for WordPress is prone to an HTML-injection vulnerability and a cross-site request-forgery vulnerability because it fails to properly sanitize user-supplied input.

Exploiting these issues may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected application, execute arbitrary script or HTML code within the context of the browser, and steal cookie-based authentication credentials. Other attacks are also possible.

White Label CMS 1.5 is vulnerable; prior versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus