Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:52 p.m.7 views

CVE-2020-10568

The sitepress-multilingual-cms WPML plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings...

8.8CVSS7.9AI score0.01705EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:26 a.m.5 views

CVE-2015-9416

The sitepress-multilingual-cms WPML plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header...

6.1CVSS6AI score0.0102EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.305 views

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page...

6.1CVSS5.7AI score0.00486EPSS
Exploits2
CNVD
CNVD
added 2020/03/17 12:0 a.m.3 views

WordPress sitepress-multilingual-cms cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sitepress-multilingual-cms WPML plugin is a website multilingual support plugin used in it. A cross-site request forgery vulnerability...

8.8CVSS6.7AI score0.01705EPSS
Exploits1References1
NVD
NVD
added 2020/03/14 2:15 p.m.30 views

CVE-2020-10568

The sitepress-multilingual-cms WPML plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings...

8.8CVSS9AI score0.01705EPSS
Exploits1References2
OSV
OSV
added 2020/03/14 2:15 p.m.4 views

CVE-2020-10568

The sitepress-multilingual-cms WPML plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings...

8.8CVSS7.8AI score0.01705EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/03/14 1:50 p.m.28 views

CVE-2020-10568

The sitepress-multilingual-cms WPML plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings...

9AI score0.01705EPSS
Exploits1References2
CNVD
CNVD
added 2019/09/29 12:0 a.m.2 views

WordPress sitepress-multilingual-cms (WPML) plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sitepress-multilingual-cms WPML plugin is a website multilingual support plugin used in it. A cross-site scripting vulnerability exist...

6.1CVSS6.3AI score0.0102EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/10/08 10:0 p.m.31 views

CVE-2018-18069

processforms in the WPML aka sitepress-multilingual-cms plugin through 3.6.3 for WordPress has XSS via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php...

6AI score0.13207EPSS
Exploits2References1
CVE
CVE
added 2018/10/08 10:0 p.m.91 views

CVE-2018-18069

The CVE-2018-18069 entry concerns the WordPress plugin sitepress-multilingual-cms (WPML) up to version 3.6.3. A Cross-Site Scripting (XSS) flaw exists in the process_forms function via any locale_file_name_ parameter (e.g., locale_file_name_en) when making an authenticated request to wp-admin/adm...

6.1CVSS5.9AI score0.13207EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2015/03/30 2:0 p.m.26 views

CVE-2015-2791

The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php...

6.7AI score0.13386EPSS
Exploits1References5
CVE
CVE
added 2015/03/30 2:0 p.m.61 views

CVE-2015-2791

CVE-2015-2791 affects the WordPress WPML plugin prior to 3.1.9. The vulnerability is in the plugin’s menu sync function and allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php. The evidence base also notes bro...

6.4CVSS6.9AI score0.13386EPSS
Exploits1References5Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/12 12:0 a.m.33 views

WPML <= 3.1.7.2 - Multiple Vulnerabilities (Including SQLi)

The sitepress-multilingual-cms WordPress plugin was affected by a Multiple Vulnerabilities Including SQLi security vulnerability...

7.5CVSS2.5AI score0.13386EPSS
Exploits3References5Affected Software1
0day.today
0day.today
added 2012/12/30 12:0 a.m.321 views

Wordpress plugins sitepress-multilingual-cms Full Path Disclosure

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
Rows per page
Query Builder