Security News > 2024 > August > Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution
2024-08-28 04:14

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024. Arising due to missing input validation and sanitization,


News URL

https://thehackernews.com/2024/08/critical-wpml-plugin-flaw-exposes.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-08-21 CVE-2024-6386 Code Injection vulnerability in Wpml
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection.
network
low complexity
wpml CWE-94
8.8
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157
Plugin 2 0 13 1 0 14