48 matches found
WordPress sitepress-multilingual-cms (WPML) plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sitepress-multilingual-cms WPML plugin is a website multilingual support plugin used in it. A cross-site scripting vulnerability exist...
File Upload Vulnerability in Acme CMS 2.0
Acme CMS is a CMS builder using PHP + Mysql architecture, multi-language, responsive display, suitable for personal website construction. Acme CMS 2.0 suffers from a file upload vulnerability, which can be exploited by attackers to gain control of the web server...
CVE-2018-18069
processforms in the WPML aka sitepress-multilingual-cms plugin through 3.6.3 for WordPress has XSS via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php...
CVE-2018-18069
The CVE-2018-18069 entry concerns the WordPress plugin sitepress-multilingual-cms (WPML) up to version 3.6.3. A Cross-Site Scripting (XSS) flaw exists in the process_forms function via any locale_file_name_ parameter (e.g., locale_file_name_en) when making an authenticated request to wp-admin/adm...
CVE-2015-2791
CVE-2015-2791 affects the WordPress WPML plugin prior to 3.1.9. The vulnerability is in the plugin’s menu sync function and allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php. The evidence base also notes bro...
CVE-2015-2791
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php...
WPML <= 3.1.7.2 - Multiple Vulnerabilities (Including SQLi)
The sitepress-multilingual-cms WordPress plugin was affected by a Multiple Vulnerabilities Including SQLi security vulnerability...
Wordpress plugins sitepress-multilingual-cms Full Path Disclosure
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...