Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Wpml Security Vulnerabilities

cve
cve

CVE-2015-2314

SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.

8.6AI Score

0.008EPSS

2015-03-17 03:59 PM
56
cve
cve

CVE-2015-2315

Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI.

5.9AI Score

0.011EPSS

2015-03-17 03:59 PM
38
cve
cve

CVE-2015-2791

The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.

6.9AI Score

0.008EPSS

2015-03-30 02:59 PM
36
cve
cve

CVE-2015-2792

The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET para...

7.1AI Score

0.016EPSS

2015-03-30 02:59 PM
34
cve
cve

CVE-2018-18069

process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.

6.1CVSS

5.9AI Score

0.001EPSS

2018-10-08 10:29 PM
42
cve
cve

CVE-2022-38461

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content).

5.4CVSS

4.5AI Score

0.001EPSS

2022-11-17 10:15 PM
136
6
cve
cve

CVE-2022-38974

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs.

4.3CVSS

4.5AI Score

0.001EPSS

2022-11-18 07:15 PM
38
3
cve
cve

CVE-2022-45071

Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.

8.8CVSS

8.8AI Score

0.001EPSS

2022-11-17 10:15 PM
50
7
cve
cve

CVE-2022-45072

Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.

4.3CVSS

5.1AI Score

0.001EPSS

2022-11-17 10:15 PM
41
7
cve
cve

CVE-2024-6386

The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Co...

9.9CVSS

9.7AI Score

0.001EPSS

2024-08-21 09:15 PM
56