Vulnerabilities > Wpml

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2022-11-18 | CVE-2022-38974 | Unspecified vulnerability in Wpml | Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. | network, low complexity, wpml | 4.3 |
| 2022-11-17 | CVE-2022-38461 | Unspecified vulnerability in Wpml | Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content). | network, low complexity, wpml | 4.3 |
| 2022-11-17 | CVE-2022-45071 | Cross-Site Request Forgery (CSRF) vulnerability in Wpml | Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | network, low complexity, wpml, CWE-352 | 8.8 |
| 2022-11-17 | CVE-2022-45072 | Cross-Site Request Forgery (CSRF) vulnerability in Wpml | Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | network, low complexity, wpml, CWE-352 | 4.3 |
| 2018-10-08 | CVE-2018-18069 | Cross-site Scripting vulnerability in Wpml | process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. | network, wpml, CWE-79 | 4.3 |
| 2015-03-30 | CVE-2015-2792 | Improper Access Control vulnerability in Wpml | The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter. | network, low complexity, wpml, CWE-284 | 7.5 |
| 2015-03-30 | CVE-2015-2791 | Permissions, Privileges, and Access Controls vulnerability in Wpml | The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php. | network, low complexity, wpml, CWE-264 | 6.4 |
| 2015-03-17 | CVE-2015-2315 | Cross-site Scripting vulnerability in Wpml | Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI. | network, wpml, CWE-79 | 4.3 |
| 2015-03-17 | CVE-2015-2314 | SQL Injection vulnerability in Wpml | SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed. | network, low complexity, wpml, CWE-89 | 7.5 |