PLUGIN SECURITY
Is White Label Cms safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the White Label Cms WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
white-label-cms - Requires PHP: 5.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- White Label CMS [white-label-cms] < 2.2.9 [CVE-2022-0422, White Label MS <= 2.2.8 - Reflected Cross-Site Scripting, White Label MS < 2.2.9 - Reflected Cross-Site Scripting]
- White Label CMS [white-label-cms] < 1.5.1 [CVE-2012-5387, WordPress White Label CMS Plugin <= 1.5.0 - CSRF, White Label CMS < 1.5.1 - Reflected Cross-Site Scripting]
- White Label CMS [white-label-cms] < 1.5.1 [CVE-2012-5388, WordPress White Label CMS Plugin <= 1.5 - XSS, White Label CMS < 1.5.1 - Cross-Site Scripting, White Label CMS - Cross-Site Request Forgery]
- White Label CMS [white-label-cms] < 1.5.3 [WordPress White Label CMS Plugin <= 1.5.2 - Stored Cross Site Scripting]
- White Label CMS [white-label-cms] < 2.5 [CVE-2022-4302, White Label CMS <= 2.4 - Authenticated (Administrator+) PHP Object Injection, WordPress White Label CMS Plugin < 2.5 is vulnerable to PHP Object Injection, White Label CMS < 2.5 - Admin+ PHP Object Injection]
+ 5 more known vulnerabilities
- White Label CMS [white-label-cms] < 1.5.3 [White Label CMS <= 1.5.2 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting]
- White Label CMS [white-label-cms] < 1.5.3 [White Label CMS <= 1.5.2 - Stored XSS]
- White Label CMS [white-label-cms] < 2.7.4 [CVE-2024-4280, White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset, WordPress White Label CMS Plugin <= 2.7.3 is vulnerable to Broken Access Control]
- White Label CMS [white-label-cms] < 2.7.5 [CVE-2024-43303, WordPress White Label CMS Plugin <= 2.7.4 is vulnerable to Cross Site Scripting (XSS), White Label CMS <= 2.7.4 - Reflected Cross-Site Scripting]
- White Label CMS [white-label-cms] < 2.7.13 [CVE-2026-11898, White Label CMS <= 2.7.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import Settings]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Table of Contents Plus — 200000+ active installs — max PHP 8.4
- List category posts — 80000+ active installs — max PHP 8.4
- Theme My Login — 60000+ active installs — max PHP 8.4
- Cornerstone — 30000+ active installs
- Rich Table of Contents — 20000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.