WordPress Translation Plugin Vulnerability Affects +1 Million Sites

By avenueads | 27 August 2024

A critical vulnerability was discovered in the WPML WordPress plugin, affecting over one million installations. The vulnerability allows an authenticated attacker to perform remote code execution, potentially resulting in a complete site takeover. It is rated 9.9 out of 10 by the Common Vulnerabilities and Exposures (CVE) organization.

WPML Plugin Vulnerability

The plugin vulnerability is due to the lack of a security check called sanitization, a process for filtering user input data to protect against the upload of malicious files. Lack of sanitization on this input makes the plugin vulnerable to remote code execution.

The vulnerability exists within a function of a shortcode for creating a custom language switcher. The function renders the content from the shortcode into a plugin template but without sanitizing the data, making it vulnerable to code injection.
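The pattern described above, as an added example that is not WPML's code and not part of the original article: a constructed toy template engine and two hypothetical shortcode handlers, one splicing shortcode content into the template source and one passing it to a fixed template as escaped data. All function names, the context values and the sample input are assumptions made for illustration.

```php
<?php
// Constructed toy example: NOT WPML's code. A minimal template renderer and
// two hypothetical handlers for a language-switcher shortcode.

// Toy engine: replaces {{ name }} with the matching entry of $context.
// The replacement text is not rescanned, so inserted data is never re-parsed.
function toy_render(string $template, array $context): string
{
    return (string) preg_replace_callback(
        '/\{\{\s*(\w+)\s*\}\}/',
        static fn (array $m): string => (string) ($context[$m[1]] ?? ''),
        $template
    );
}

// Server-side values the engine can reach (constructed placeholder values).
function switcher_context(): array
{
    return ['current_lang' => 'en', 'db_password' => 'PLACEHOLDER-SECRET'];
}

// Vulnerable pattern: shortcode content becomes part of the template source,
// so any template syntax inside it is evaluated by the engine.
function switcher_vulnerable(string $content): string
{
    $template = '<div class="lang-switcher">' . $content . '</div>';
    return toy_render($template, switcher_context());
}

// Hardened pattern: the template is fixed; content is passed as data and
// HTML-escaped, so it is never parsed as template syntax.
function switcher_hardened(string $content): string
{
    $context = switcher_context();
    $context['body'] = htmlspecialchars($content, ENT_QUOTES, 'UTF-8');
    return toy_render('<div class="lang-switcher">{{ body }}</div>', $context);
}

// Constructed shortcode content supplied by an authenticated user.
$input = 'Language: {{ current_lang }} {{ db_password }}';

echo switcher_vulnerable($input), PHP_EOL; // placeholders are evaluated
echo switcher_hardened($input), PHP_EOL;   // placeholders stay literal text
```

The toy engine only substitutes variables; a full template engine that can also call functions or filters is what turns the same splice-into-source mistake into code execution.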

The vulnerability affects all versions of the WPML WordPress plugin up to and including 4.6.12.

Timeline Of Vulnerability

Wordfence discovered the vulnerability in late June and promptly notified the publishers of WPML, who remained unresponsive for about a month and a half before confirming a response on August 1, 2024.

Users of the paid version of Wordfence received protection eight days after discovery of the vulnerability; free users of Wordfence received protection on July 27th.

Users of the WPML plugin who did not use either version of Wordfence did not receive protection from WPML until August 20th, when the publishers finally issued a patch in version 4.6.13.

Plugin Users Urged To Update

Wordfence urges all users of the WPML plugin to make sure they are using the latest version of the plugin, WPML 4.6.13.

They wrote:

“We urge users to update their sites with the latest patched version of WPML, version 4.6.13 at the time of this writing, as soon as possible.”

Read more about the vulnerability at Wordfence:

1,000,000 WordPress Sites Protected Against Unique Remote Code Execution Vulnerability in WPML WordPress Plugin

Featured Image by Shutterstock/Luis Molinero
