Vulnerabilities > Wpml
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-21 | CVE-2024-6386 | Code Injection vulnerability in Wpml The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. | 8.8 |
| 2022-11-18 | CVE-2022-38974 | Unspecified vulnerability in Wpml Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. | 4.3 |
| 2022-11-17 | CVE-2022-38461 | Unspecified vulnerability in Wpml Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content). | 4.3 |
| 2022-11-17 | CVE-2022-45071 | Cross-Site Request Forgery (CSRF) vulnerability in Wpml Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | 8.8 |
| 2022-11-17 | CVE-2022-45072 | Cross-Site Request Forgery (CSRF) vulnerability in Wpml Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | 4.3 |
| 2018-10-08 | CVE-2018-18069 | Cross-site Scripting vulnerability in Wpml process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. | 6.1 |