CVE-2025-3488
- EPSS 0.03%
- Published 02.05.2025 05:22:33
- Last modified 06.05.2025 13:42:26
The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpml_language_switcher shortcode in versions 3.6.0 - 4.7.3 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...
CVE-2024-6386
- EPSS 72.42%
- Published 21.08.2024 21:15:08
- Last modified 27.09.2024 13:25:43
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes...
CVE-2022-38974
- EPSS 0.22%
- Published 18.11.2022 19:15:29
- Last modified 21.11.2024 07:17:17
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs.
CVE-2022-45071
- EPSS 0.19%
- Published 17.11.2022 22:15:11
- Last modified 21.11.2024 07:28:43
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
CVE-2022-45072
- EPSS 0.2%
- Published 17.11.2022 22:15:11
- Last modified 21.11.2024 07:28:43
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
CVE-2022-38461
- EPSS 0.13%
- Published 17.11.2022 22:15:10
- Last modified 21.11.2024 07:16:31
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media cont...
CVE-2018-18069
- EPSS 8.39%
- Published 08.10.2018 22:29:00
- Last modified 21.11.2024 03:55:25
process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
CVE-2015-2792
- EPSS 0.43%
- Published 30.03.2015 14:59:12
- Last modified 12.04.2025 10:46:40
The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET par...
CVE-2015-2791
- EPSS 13.63%
- Published 30.03.2015 14:59:11
- Last modified 12.04.2025 10:46:40
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.
CVE-2015-2315
- EPSS 5.93%
- Published 17.03.2015 15:59:04
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI.