This morning we released a security update for White Label CMS. We would like to thank research.g0blin.co.uk for bringing it to our attention.
It has a low / medium CVSS score and relates to the Import functionality. It could only be triggered if you have Administrator access.
We have improved the use of WordPress nonces and enhanced validation on import functionality.
Given all the security updates which are happening in WordPress right now, we would like to once again thank research.g0blin.co.uk. He will provide a full explanation of his report within the week after this release has gone out and we will link to this.