cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-4280,https://securityvulnerability.io/vulnerability/CVE-2024-4280,Unauthorized Modification of Data Vulnerability in White Label CMS for WordPress,"The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings.",Wordpress,White Label Cms,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:43:00.000Z,0
CVE-2022-4302,https://securityvulnerability.io/vulnerability/CVE-2022-4302,White Label CMS < 2.5 - Admin+ PHP Object Injection,"The White Label CMS plugin for WordPress versions before 2.5 is susceptible to PHP Object Injection due to improper handling of unserialized user input through its settings. This vulnerability allows users with higher privileges, such as administrators, to exploit the flaw and potentially execute arbitrary PHP code if a suitable gadget is used in the attack.",Wordpress,White Label Cms,7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2023-01-02T21:49:18.707Z,0
CVE-2022-0422,https://securityvulnerability.io/vulnerability/CVE-2022-0422,White Label MS < 2.2.9 - Reflected Cross-Site Scripting,"The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue",Wordpress,White Label Cms,6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,false,false,2022-03-07T08:16:34.000Z,0
CVE-2012-5388,https://securityvulnerability.io/vulnerability/CVE-2012-5388,,"Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.",Wordpress,White-label-cms,,,0.0013000000035390258,false,,false,false,false,,false,false,2012-10-24T10:00:00.000Z,0
CVE-2012-5387,https://securityvulnerability.io/vulnerability/CVE-2012-5387,,"Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.",Wordpress,White-label-cms,,,0.005609999876469374,false,,false,false,false,,false,false,2012-10-24T10:00:00.000Z,0