Vulnerabilities > CVE-2022-38461 - Unspecified vulnerability in Wpml

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

wpml

NVD

Published: 2022-11-17

Updated: 2023-07-21

Summary

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content).

Vulnerable Configurations

Part	Description	Count
Application	Wpml Wpml Wpml 1.3.3 Wpml Wpml 1.3.4 Wpml Wpml 1.3.5 Wpml Wpml 1.4.0 Wpml Wpml 1.5.0 Wpml Wpml 1.5.1 Wpml Wpml 1.6.0 Wpml Wpml 1.7.0 Wpml Wpml 1.7.1 Wpml Wpml 1.7.2 Wpml Wpml 1.7.3 Wpml Wpml 1.7.4 Wpml Wpml 1.7.6 Wpml Wpml 1.7.7 Wpml Wpml 1.7.8 Wpml Wpml 1.7.9 Wpml Wpml 1.8.0 Wpml Wpml 1.8.1 Wpml Wpml 1.8.2 Wpml Wpml 2.0 Wpml Wpml 2.0.1 Wpml Wpml 2.0.3 Wpml Wpml 2.0.4.1 Wpml Wpml 2.1.0 Wpml Wpml 2.1.1 Wpml Wpml 2.1.2 Wpml Wpml 2.2.0 Wpml Wpml 2.2.1 Wpml Wpml 2.2.2 Wpml Wpml 2.2.2.1 Wpml Wpml 2.3.0 Wpml Wpml 2.3.1 Wpml Wpml 2.3.2 Wpml Wpml 2.3.3 Wpml Wpml 2.3.4 Wpml Wpml 2.4.0 Wpml Wpml 2.4.1 Wpml Wpml 2.4.2 Wpml Wpml 2.4.3 Wpml Wpml 2.5.1 Wpml Wpml 2.5.2 Wpml Wpml 2.6.0 Wpml Wpml 2.6.1 Wpml Wpml 2.6.2 Wpml Wpml 2.6.3 Wpml Wpml 2.6.4 Wpml Wpml 2.7 Wpml Wpml 2.8 Wpml Wpml 2.8.2 Wpml Wpml 2.9 Wpml Wpml 2.9.1 Wpml Wpml 2.9.2 Wpml Wpml 2.9.3 Wpml Wpml 3.0 Wpml Wpml 3.1 Wpml Wpml 3.1.4 Wpml Wpml 3.1.5 Wpml Wpml 3.1.6 Wpml Wpml 3.1.7 Wpml Wpml 3.1.8 Wpml Wpml 3.1.9 Wpml Wpml 3.1.9.4 Wpml Wpml 3.2 Wpml Wpml 3.2.3 Wpml Wpml 3.2.4 Wpml Wpml 3.2.5 Wpml Wpml 3.3 Wpml Wpml 3.3.1 Wpml Wpml 3.3.5 Wpml Wpml 3.3.6 Wpml Wpml 3.3.7 Wpml Wpml 3.4 Wpml Wpml 3.4.1 Wpml Wpml 3.5 Wpml Wpml 3.5.1.1 Wpml Wpml 3.5.2 Wpml Wpml 3.6.0 Wpml Wpml 3.6.2 Wpml Wpml 3.6.3 Wpml Wpml 3.7.0 Wpml Wpml 3.7.1 Wpml Wpml 3.8.0 Wpml Wpml 3.9 Wpml Wpml 3.9.2 Wpml Wpml 3.9.3 Wpml Wpml 4.0 Wpml Wpml 4.0.5 Wpml Wpml 4.1 Wpml Wpml 4.1.3 Wpml Wpml 4.2 Wpml Wpml 4.2.1 Wpml Wpml 4.2.3 Wpml Wpml 4.2.5 Wpml Wpml 4.2.6 Wpml Wpml 4.2.7.1 Wpml Wpml 4.2.8 Wpml Wpml 4.2.9 Wpml Wpml 4.3 Wpml Wpml 4.3.4 Wpml Wpml 4.3.5 Wpml Wpml 4.3.6 Wpml Wpml 4.3.7 Wpml Wpml 4.3.12 Wpml Wpml 4.3.13 Wpml Wpml 4.3.17 Wpml Wpml 4.3.18 Wpml Wpml 4.3.19 Wpml Wpml 4.4.2 Wpml Wpml 4.4.5 Wpml Wpml 4.4.7 Wpml Wpml 4.4.11 Wpml Wpml 4.5 Wpml Wpml 4.5.1 Wpml Wpml 4.5.2 Wpml Wpml 4.5.3 Wpml Wpml 4.5.5 Wpml Wpml 4.5.9 Wpml Wpml 4.5.10	118

References

https://patchstack.com/database/vulnerability/sitepress-multilingual-cms/wordpress-wpml-multilingual-cms-plugin-4-5-10-broken-access-control-vulnerability?_s_id=cve