Vulnerabilities > Videousermanuals
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-02 | CVE-2022-4302 | Unspecified vulnerability in Videousermanuals White Label CMS 2.2.9 The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | 7.2 |
2022-03-07 | CVE-2022-0422 | Cross-site Scripting vulnerability in Videousermanuals White Label CMS The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue | 6.1 |