Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2022-11-17 | Updated: 2022-11-22
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
Max CVSS: 8.8 | EPSS Score: 0.06% | Published: 2022-11-17 | Updated: 2022-11-22
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs.
Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2022-11-18 | Updated: 2022-11-21
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content).
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2022-11-17 | Updated: 2023-07-21
process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
Max CVSS: 6.1 | EPSS Score: 0.09% | Published: 2018-10-08 | Updated: 2018-11-23
The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter.
Max CVSS: 7.5 | EPSS Score: 0.53% | Published: 2015-03-30 | Updated: 2015-03-31
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.
Max CVSS: 6.4 | EPSS Score: 0.82% | Published: 2015-03-30 | Updated: 2018-10-09
Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI.
Max CVSS: 4.3 | EPSS Score: 1.10% | Published: 2015-03-17 | Updated: 2018-10-09
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.
Max CVSS: 7.5 | EPSS Score: 1.26% | Published: 2015-03-17 | Updated: 2018-10-09
9 vulnerabilities found