Medium severity6.1NVD Advisory· Published Oct 8, 2018· Updated Jun 17, 2026
CVE-2018-18069
CVE-2018-18069
Description
process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=3.6.3
Patches
Vulnerability mechanics
References
1- 0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.