Woocommerce Multilingual

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-32602	WordPress Woocommerce Multilingual	Hig	0.49	7.6	0.01	Apr 18, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.3.1.
CVE-2025-26888	WordPress Woocommerce Multilingual	Med	0.34	5.3	0.00	Apr 9, 2025	Missing Authorization vulnerability in Amir Helzer WooCommerce Multilingual & Multicurrency woocommerce-multilingual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through <= 5.3.8.
CVE-2024-8629	WordPress Woocommerce Multilingual	Med	0.33	6.1	0.00	Oct 8, 2024	The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for…

CVE-2024-32602HigApr 18, 2024
WordPress
Woocommerce Multilingual
risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.3.1.
CVE-2025-26888MedApr 9, 2025
WordPress
Woocommerce Multilingual
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Amir Helzer WooCommerce Multilingual & Multicurrency woocommerce-multilingual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through <= 5.3.8.
CVE-2024-8629MedOct 8, 2024
WordPress
Woocommerce Multilingual
risk 0.33cvss 6.1epss 0.00
The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for…