Lucene search
Dave Jong (Patchstack)PATCHSTACK:4FB8519D9D353FFC5697A70F58000088HistoryNov 09, 2022 - 12:00 a.m.
WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability
2022-11-0900:00:00
Dave Jong (Patchstack)
patchstack.com
7
wordpress
multilingual cms
broken access control
EPSS
0.001
Percentile
22.7%
Broken Access Control vulnerability leading to plugin settings change (selected language for legacy widgets can be changed, and default behavior for media content can be changed) discovered by Dave Jong in WordPress WPML Multilingual CMS premium plugin (versions <= 4.5.10).
Solution
Update the WordPress Multilingual CMS plugin to the latest available version (at least 4.5.11).
Related
cnvd
cnvd
nvd
nvd
CVE-2022-38461
2022-11-17 22:15:10
cve
cve
CVE-2022-38461
2022-11-17 22:15:10
wpvulndb
wpvulndb
WPML < 4.5.11 - Subscriber+ Settings Update
2022-11-09 00:00:00
prion
prion
Improper access control
2022-11-17 22:15:00
cvelist
cvelist