White Label CMS Security & Risk Analysis

wordpress.org/plugins/white-label-cms

Customise dashboard panels and branding, hide menus plus lots more.

200K active installs v2.7.8 PHP 5.4+ WP 3.3+ Updated May 1, 2025
Tags: admin, branding, cms, custom, dashboard
Security score: 93 (A · Safe)
CVEs total: 7
Unpatched: 0
Last CVE: Aug 16, 2024
Safety Verdict

Is White Label CMS Safe to Use in 2026?

Generally Safe

Score 93/100

White Label CMS has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Aug 16, 2024 · Updated 11mo ago
Risk Assessment

The "white-label-cms" v2.7.8 plugin exhibits a concerning security posture. While it demonstrates good practices in handling SQL queries with prepared statements and performing file operations securely, these strengths are overshadowed by significant weaknesses. The static analysis reveals a substantial attack surface with 4 out of 5 AJAX handlers lacking authentication checks, presenting a clear pathway for unauthorized actions. Furthermore, the output escaping is only properly implemented in 59% of cases, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with unprotected entry points. The plugin's vulnerability history is particularly alarming, with a total of 7 known CVEs, including 3 high-severity and 4 medium-severity issues. Common vulnerability types like Missing Authorization and XSS reinforce the concerns identified in the code analysis. While there are currently no unpatched CVEs, the recurring pattern of critical vulnerabilities suggests potential architectural flaws or ongoing insecure coding practices that could lead to future exploits. The presence of Select2, a bundled library, could also be a concern if it's outdated, though this is not explicitly stated in the provided data.

Key Concerns

  • 4/5 AJAX handlers lack auth checks
  • Only 59% of outputs properly escaped
  • 7 known CVEs (3 high, 4 medium)
  • Common vuln types: Missing Auth, XSS, CSRF
Vulnerabilities
7

White Label CMS Security Vulnerabilities

CVEs by Year

  • 2012: 2 CVEs
  • 2015: 1 CVE
  • 2022: 2 CVEs
  • 2024: 2 CVEs

Severity Breakdown

  • High: 3
  • Medium: 4

7 total CVEs

CVE-2024-43303 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

White Label CMS <= 2.7.4 - Reflected Cross-Site Scripting

Aug 16, 2024 Patched in 2.7.5 (7d)
CVE-2024-4280 · medium · 5.3 · Missing Authorization

White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset

May 9, 2024 Patched in 2.7.4 (1d)
CVE-2022-4302 · high · 7.2 · Deserialization of Untrusted Data

White Label CMS <= 2.4 - Authenticated (Administrator+) PHP Object Injection

Dec 8, 2022 Patched in 2.5 (411d)
CVE-2022-0422 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

White Label CMS <= 2.2.8 - Reflected Cross-Site Scripting

Feb 7, 2022 Patched in 2.2.9 (715d)
WF-6b36fcc5-1f09-43b9-8877-7af6c7652db7-white-label-cms · medium · 4.7 · Cross-Site Request Forgery (CSRF)

White Label CMS <= 1.5.2 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting

Apr 29, 2015 Patched in 1.5.3 (3191d)
CVE-2012-5387 · high · 7.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

White Label CMS < 1.5.1 - Reflected Cross-Site Scripting

Oct 21, 2012 Patched in 1.5.1 (4111d)
CVE-2012-5388 · high · 7.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

White Label CMS < 1.5.1 - Cross-Site Scripting

Oct 21, 2012 Patched in 1.5.1 (4111d)
Code Analysis
Analyzed Mar 16, 2026

White Label CMS Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (8 prepared)
  • Unescaped Output: 103 (148 escaped)
  • Nonce Checks: 6
  • Capability Checks: 5
  • File Operations: 2
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

59% escaped · 251 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
import (includes\classes\Settings.php:169)
Attack Surface
4 unprotected

White Label CMS Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers 5

auth · wp_ajax_hide_vum_dashboard · includes\classes\Admin_Dashboard.php:14
auth · wp_ajax_wlcms_inital_search · includes\classes\Admin_Settings.php:13
auth · wp_ajax_wlcms_search_pages · includes\classes\Admin_Settings.php:14
auth · wp_ajax_wlcms_save_login_preview_settings · includes\classes\Login.php:18
auth · wp_ajax_wlcms_save_dashboard_preview_settings · includes\classes\Wizard.php:13
WordPress Hooks 53
action · admin_menu · includes\classes\Admin_Core.php:8
action · admin_enqueue_scripts · includes\classes\Admin_Core.php:9
action · admin_enqueue_scripts · includes\classes\Admin_Core.php:53
action · wp_dashboard_setup · includes\classes\Admin_Dashboard.php:13
action · admin_init · includes\classes\Admin_Dashboard.php:15
action · init · includes\classes\Admin_Dashboard.php:16
action · wp_dashboard_setup · includes\classes\Admin_Dashboard.php:525
action · init · includes\classes\Admin_Menus.php:16
action · admin_init · includes\classes\Admin_Menus.php:17
action · wlcms_save_addtional_settings · includes\classes\Admin_Menus.php:18
action · admin_menu · includes\classes\Admin_Menus.php:19
action · wp_before_admin_bar_render · includes\classes\Admin_Menus.php:20
action · admin_footer · includes\classes\Admin_Script.php:15
action · wp_footer · includes\classes\Admin_Script.php:16
action · in_admin_header · includes\classes\Admin_Script.php:17
action · wp_head · includes\classes\Admin_Script.php:18
action · admin_menu · includes\classes\Admin_Settings.php:8
action · admin_init · includes\classes\Admin_Settings.php:9
filter · mce_css · includes\classes\Admin_Settings.php:10
action · admin_init · includes\classes\Admin_Settings.php:11
action · init · includes\classes\Admin_Settings.php:12
filter · show_admin_bar · includes\classes\Admin_Settings.php:78
filter · screen_options_show_screen · includes\classes\Admin_Settings.php:91
action · init · includes\classes\Branding.php:11
filter · admin_title · includes\classes\Branding.php:12
action · admin_bar_menu · includes\classes\Branding.php:13
action · admin_bar_menu · includes\classes\Branding.php:14
filter · admin_footer_text · includes\classes\Branding.php:15
action · admin_menu · includes\classes\Branding.php:16
filter · admin_body_class · includes\classes\Branding.php:17
filter · update_footer · includes\classes\Branding.php:23
action · init · includes\classes\I18n.php:14
action · login_footer · includes\classes\Login.php:11
action · init · includes\classes\Login.php:12
action · wlcms_before_save_preview · includes\classes\Login.php:14
action · wlcms_save_addtional_settings · includes\classes\Login.php:15
filter · wlcms_setting_fields · includes\classes\Login.php:20
action · admin_notices · includes\classes\Messages.php:55
filter · wp_kses_allowed_html · includes\classes\Settings.php:10
action · admin_init · includes\classes\Settings.php:11
filter · plugin_action_links · includes\classes\Settings.php:12
action · wlcms_after_body · includes\classes\Settings.php:13
action · admin_init · includes\classes\Upgrade.php:14
action · in_admin_header · includes\classes\Welcome_Messages\Welcome_Messages_Beaver_Builder.php:14
action · admin_enqueue_scripts · includes\classes\Welcome_Messages\Welcome_Messages_Beaver_Builder.php:15
action · in_admin_header · includes\classes\Welcome_Messages\Welcome_Messages_Elementor.php:13
action · in_admin_header · includes\classes\Welcome_Messages\Welcome_Messages_Html.php:12
action · wp · includes\classes\Welcome_Messages\Welcome_Messages_Page.php:16
filter · show_admin_bar · includes\classes\Welcome_Messages\Welcome_Messages_Page.php:29
action · in_admin_header · includes\classes\Welcome_Messages\Welcome_Messages_Page.php:40
filter · wlcms_setting_fields · includes\classes\Wizard.php:10
action · wlcms_save_addtional_settings · includes\classes\Wizard.php:14
action · wlcms_before_save_preview · includes\classes\Wizard.php:15
Maintenance & Trust

White Label CMS Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 1, 2025
PHP min version: 5.4
Downloads: 4.3M

Community Trust

Rating: 94/100
Number of ratings: 114
Active installs: 200K
Developer Profile

White Label CMS Developer Profile

Video User Manuals

1 plugin · 200K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 1792 days
Detection Fingerprints

How We Detect White Label CMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/white-label-cms/assets/css/admin-settings.css
/wp-content/plugins/white-label-cms/assets/js/ays-beforeunload-shim.js
/wp-content/plugins/white-label-cms/assets/js/jquery-areyousure.js
/wp-content/plugins/white-label-cms/assets/js/jquery.validate.min.js
/wp-content/plugins/white-label-cms/assets/js/select2.min.js
/wp-content/plugins/white-label-cms/assets/js/admin.js
/wp-content/plugins/white-label-cms/assets/js/admin-settings.js
Script Paths
/wp-content/plugins/white-label-cms/assets/js/admin.js
/wp-content/plugins/white-label-cms/assets/js/admin-settings.js
/wp-content/plugins/white-label-cms/assets/js/jquery.validate.min.js
/wp-content/plugins/white-label-cms/assets/js/ays-beforeunload-shim.js
/wp-content/plugins/white-label-cms/assets/js/jquery-areyousure.js
/wp-content/plugins/white-label-cms/assets/js/select2.min.js
Version Parameters
white-label-cms/assets/css/admin-settings.css?ver=
white-label-cms/assets/js/ays-beforeunload-shim.js?ver=
white-label-cms/assets/js/jquery-areyousure.js?ver=
white-label-cms/assets/js/jquery.validate.min.js?ver=
white-label-cms/assets/js/select2.min.js?ver=
white-label-cms/assets/js/admin.js?ver=
white-label-cms/assets/js/admin-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
wlcms-settings
HTML Comments
<!-- WLCMS Style-->
<!-- WLCMS End Style-->
<!-- WLCMS Scripts-->
<!-- WLCMS End Scripts-->
Data Attributes
wlcms_settings
JS Globals
wlcms_settings