Critical WPML WordPress plugin vulnerability allows remote code execution, affecting over 1 million WordPress websites

A critical vulnerability was discovered in the WPML WordPress plugin, affecting over a million installations. The vulnerability allows an authenticated attacker to perform remote code execution, possibly leading to a full site takeover. It is listed as rated 9.9 out of 10 by the Common Vulnerabilities and Exposures (CVE) organization.
WPML Plugin Vulnerability
The plugin vulnerability is due to a lack of a security check called sanitization, a process for filtering user input data to protect against the upload of malicious files. Lack of sanitization in this input makes the plugin vulnerable to a Remote Code Execution.
The vulnerability exists within a function of a shortcode for creating a custom language switcher. The function renders the content from the shortcode into a plugin template but without sanitizing the data, making it vulnerable to code injection.
The vulnerability affects all versions of the WPML WordPress plugin up to and including 4.6.12.
Timeline Of Vulnerability
Wordfence discovered the vulnerability in late June and promptly notified the publishers of WPML which remained unresponsive for about a month and a half, confirming response on August 1, 2024.
Users of the paid version of Wordfence received protection 8 days after discovery of the vulnerability, the free users of Wordfence received protection on July 27th.
Users of the WPML plugin who did not use either version of Wordfence did not receive protection from WPML until August 20th, when the publishers finally issued a patch in version 4.6.13.
Plugin Users Urged To Update
Wordfence urges all users of the WPML plugin to make sure they are using the latest version of the plugin, WPML 4.6.13.
They wrote:
“We urge users to update their sites with the latest patched version of WPML, version 4.6.13 at the time of this writing, as soon as possible.”
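A check for the affected range described above, as an added example that is not from the article, Wordfence or WPML: it reads the standard WordPress `Version:` plugin header and classifies it against 4.6.13, the first patched release. The function names, site names and sample headers are constructed for illustration.

```python
import re

# From the article: every release up to and including 4.6.12 is affected,
# and 4.6.13 is the first patched release.
FIRST_PATCHED = (4, 6, 13)

# WordPress reads plugin metadata from a comment header near the top of the
# plugin's main PHP file; "Version" is one of the standard header fields.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)
_PLAIN_RE = re.compile(r"\d+(\.\d+)*")

def header_version(php_source):
    """Return the Version header value from the first 8 KiB, or None."""
    match = _VERSION_RE.search(php_source[:8192])
    return match.group(1) if match else None

def assess(php_source):
    """Return (version, status); status is vulnerable, patched or unknown."""
    version = header_version(php_source)
    # Missing headers and pre-release suffixes are not guessed at: they are
    # reported as unknown so that someone checks the install by hand.
    if version is None or not _PLAIN_RE.fullmatch(version):
        return version, "unknown"
    # Compare numerically: as strings, "4.6.9" sorts after "4.6.13".
    numeric = tuple(int(part) for part in version.split("."))
    return version, ("patched" if numeric >= FIRST_PATCHED else "vulnerable")

def _header(version_line):
    """Build a constructed plugin header around one Version line."""
    return "<?php\n/**\n * Plugin Name: WPML Multilingual CMS\n" + version_line + " */\n"

# Constructed sample headers, not taken from real sites.
SAMPLES = {
    "site-a": _header(" * Version: 4.6.12\n"),
    "site-b": _header(" * Version: 4.6.13\n"),
    "site-c": _header(" * Version: 4.6.9\r\n"),
    "site-d": _header(" * Version: 4.6.13-b.1\n"),
    "site-e": _header(""),
}

if __name__ == "__main__":
    for site, source in SAMPLES.items():
        version, status = assess(source)
        print(f"{site}: version={version} status={status}")
```

Installs reported as `unknown` need a manual look rather than being counted as patched.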
Read more about the vulnerability at Wordfence:
SEJ STAFF Roger Montti Owner - Martinibuster.com at Martinibuster.com