2 matches found
WordPress WPML Plugin SQL Injection (CVE-2015-2314)
An SQL injection vulnerability exists in the WPML plugin for WordPress, allowing remote attackers to execute arbitrary SQL commands...
CVE-2015-2314
The CVE-2015-2314 issue affects the WordPress WPML plugin, specifically versions earlier than 3.1.9. The vulnerability is an SQL injection caused by improper filtering of the lang parameter in the HTTP Referer header during the wp-link-ajax comments/feed action, allowing remote attackers to execu...