Unrated severityNVD Advisory· Published Mar 17, 2015· Updated May 6, 2026

CVE-2015-2314

Description

SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.

Affected products

Wpml/Wpml
cpe:2.3:a:wpml:wpml:*:*:*:*:*:wordpress:*:*
Range: <=3.1.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

klikki.fi/adv/wpml.htmlnvdExploit
packetstormsecurity.com/files/130810/WordPress-WPML-XSS-Deletion-SQL-Injection.htmlnvdExploit
seclists.org/fulldisclosure/2015/Mar/71nvdExploit
wpml.org/2015/03/wpml-security-update-bug-and-fix/nvdVendor Advisory
www.osvdb.org/119541nvd
www.securityfocus.com/archive/1/534862/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.018
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000