Vulnerabilities > Wpml > Wpml > 3.7.1

DATE CVE VULNERABILITY TITLE RISK
2022-11-18 CVE-2022-38974 Unspecified vulnerability in Wpml
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs.
network
low complexity
wpml
4.3
4.3
2022-11-17 CVE-2022-38461 Unspecified vulnerability in Wpml
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content).
network
low complexity
wpml
4.3
4.3
2022-11-17 CVE-2022-45071 Cross-Site Request Forgery (CSRF) vulnerability in Wpml
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
network
low complexity
wpml CWE-352
8.8
8.8
2022-11-17 CVE-2022-45072 Cross-Site Request Forgery (CSRF) vulnerability in Wpml
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
network
low complexity
wpml CWE-352
4.3
4.3