Vulnerabilities > Wpml > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-17 | CVE-2022-45071 | Cross-Site Request Forgery (CSRF) vulnerability in Wpml Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | 8.8 |
| 2015-03-30 | CVE-2015-2792 | Improper Access Control vulnerability in Wpml The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter. | 7.5 |
| 2015-03-17 | CVE-2015-2314 | SQL Injection vulnerability in Wpml SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed. | 7.5 |