VYPR

Sitepress Multilingual CMS

by WordPress

CVEs (3)

  • CVE-2018-18069MedOct 8, 2018
    risk 0.41cvss 6.1epss 0.13

    process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.

  • CVE-2020-10568Mar 14, 2020
    risk 0.00cvss epss 0.02

    The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings.

  • CVE-2015-9416Sep 25, 2019
    risk 0.00cvss epss 0.01

    The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header.