March 16 – Vulnerability in the WPML Plugin

Mar 18, 2015

WPML is a premium plug-in for creating multilingual WordPress sites. The official WPML website states that over 400,00 commercial sites have this plug-in installed.

Several security issues were found in the plug-in, the most serious of them being a SQL injection problem that can be exploited by an attacker to read the contents of a website’s database, including user details and password hashes, without authentication.

The developers of WPML released an update earlier this week to address the security issues.

Other security issues included:

  • An unauthenticated attacker may bypass WPML’s nonce check and perform any of the approximately 50 Ajax functions designed to be used by website administrators.
  • Allowing the removal of content from pages, posts and menus.
  • An XSS vulnerability which an attacker can leverage to execute arbitrary JavaScript in a user’s browser.