Videousermanuals White Label Cms vulnerabilities
3 known vulnerabilities affecting videousermanuals/white_label_cms.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-0422P3MEDIUMCVSS 6.1PoCfixed in 2.2.92022-03-07
CVE-2022-0422 [MEDIUM] CWE-79 CVE-2022-0422: The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_cu
The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue
nvd
CVE-2022-4302P3HIGHCVSS 7.2fixed in 2.52023-01-02
CVE-2022-4302 [HIGH] CWE-502 CVE-2022-4302: The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, w
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
nvd
CVE-2024-4280P4MEDIUMCVSS 5.3≤ 2.7.32024-05-14
CVE-2024-4280 [MEDIUM] CWE-862 CVE-2024-4280: The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a
The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings.
nvd