EPSS
Percentile
82.0%
Because of the “menu sync” function, remote attackers can delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.
Related records:
http://db.threatpress.com/vulnerability/wpml---wordpress-multilingual-/wordpress-wpml-plugin-3-1-8-sql-injection-2
Update the plugin.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2791