2 matches found
CVE-2015-2792
The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET...
CVE-2015-2792
The CVE-2015-2792 entry concerns the WordPress WPML plugin prior to 3.1.9. It describes a vulnerability where the plugin does not properly handle multiple actions in a single request, allowing an attacker to bypass nonce checks and perform arbitrary actions by including an action parameter in bot...