48 matches found
EUVD-2022-47993
Malicious code in bioql PyPI...
EUVD-2022-41521
Malicious code in bioql PyPI...
EUVD-2022-41045
Malicious code in bioql PyPI...
EUVD-2022-47992
Malicious code in bioql PyPI...
WordPress WPML Multilingual CMS Plugin < 4.6.13 RCE Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpml:wpml"; if description...
CVE-2020-10568
The sitepress-multilingual-cms WPML plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings...
CVE-2015-9416
The sitepress-multilingual-cms WPML plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header...
CVE-2024-6386 WPML Multilingual CMS <= 4.6.12 - Authenticated(Contributor+) Remote Code Execution via Twig Server-Side Template Injection
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with...
WordPress WPML Multilingual CMS plugin <= 4.6.12 - Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection vulnerability
Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection vulnerability discovered by stealthcopter in WordPress Plugin Multilingual CMS (versions <= 4.6.12)...
WordPress Multilingual CMS Plugin <= 4.6.12 is vulnerable to Remote Code Execution (RCE)
Software: Multilingual CMS; Type: Plugin; Vulnerable versions: <= 4.6.12; Fixed in: 4.6.13; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-6386; Patch priority: Medium; CVSS severity: Medium (9.9); Developer: Claim ownership; PSID: 31c994cd7315; Credits: stealthcopter; Required...
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open a page...
WPML Multilingual CMS < 4.6.1 - Reflected Cross-Site Scripting
The plugin does not escape some URL attributes before outputting them to a page, leading to a Reflected Cross-Site Scripting vulnerability. PoC After setting up the plugin, visit the following URL: /wp-login.php?wplang=%20=id=x+type=image%20id=xss%20onfoc%3C!%3Eusin+alert0%0c...
WordPress WPML Multilingual CMS premium plugin access control error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WPML Multilingual CMS premium plugin 4.5.10 and earlier versions are vulnerable to an acces...
WordPress Plugin WPML Multilingual CMS premium Access Control Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An access control error...
CVE-2022-38974
The CVE-2022-38974 entry concerns WPML Multilingual CMS premium plugin for WordPress ≤ 4.5.10, where a Broken Access Control flaw allows users with subscriber or higher roles to change the status of translation jobs. The vulnerability arises from improper access control in the plugin’s translatio...
CVE-2022-38974 WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs...
CVE-2022-45071
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress...
CVE-2022-45072
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress...
CVE-2022-38461
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content...