Vulnerability Details : CVE-2012-5387
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.
Vulnerability category: Cross site scripting (XSS)Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2012-5387
0.57%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less