Because of this vulnerability, the attackers can execute arbitrary SQL commands via the “lang” parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.
Related records:
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
wpml - wordpress multilingual | le | 3.1.8 |