17
Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution (thehackernews.com)
submitted 2 months ago by AmbiguousProps@lemmy.today to c/cybersecurity@sh.itjust.works
1 comments fedilink hide all child comments

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances.

The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024.

Arising due to missing input validation and sanitization, the issue makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

WPML is a popular plugin used for building multilingual WordPress sites. It has over one million active installations.

you are viewing a single comment's thread
view the rest of the comments
[-] tgxn@lemmy.tgxn.net 3 points 2 months ago

"authenticated attackers, with Contributor-level access and above" bad, but 9.9 seems a tad OTT unless there are other possible methods.

this post was submitted on 28 Aug 2024
17 points (100.0% liked)

Cybersecurity

5607 readers
191 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
kid@sh.itjust.works
Lanky_Pomegranate530@midwest.social