The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter.
Max CVSS
7.5
EPSS Score
0.53%
Published
2015-03-30
Updated
2015-03-31
1 vulnerabilities found