cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8629,https://securityvulnerability.io/vulnerability/CVE-2024-8629,Reflected Cross-Site Scripting Vulnerability in WooCommerce Multilingual & Multicurrency with WPML plugin,"The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,WooCommerce Multilingual & Multicurrency With WPml,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-08T09:33:13.442Z,0
CVE-2024-6386,https://securityvulnerability.io/vulnerability/CVE-2024-6386,WordPress Plugin Vulnerable to Remote Code Execution,"A critical vulnerability (CVE-2024-6386) in the popular WPML WordPress Multilingual plugin has been discovered, allowing for remote code execution. This vulnerability affects all versions up to 4.6.12, making it possible for attackers with Contributor-level access or above to execute code on the server. The security firm Wordfence has facilitated the disclosure of the flaw and researchers have earned bounties for reporting critical plugin vulnerabilities. The issue was resolved in WPML version 4.6.13, and users are strongly encouraged to update to that version as soon as possible. Publicly available proof-of-concept code targeting the vulnerability has raised concerns about the potential exploitation of this issue, as it could lead to complete site compromise through various techniques.",Wordpress,WPml,8.8,HIGH,0.0006200000061653554,false,,true,false,true,true,false,false,2024-08-21T21:15:00.000Z,1374
CVE-2022-38974,https://securityvulnerability.io/vulnerability/CVE-2022-38974,WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability,Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs.,Wordpress,WPml Multilingual Cms (WordPress Plugin),4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-11-18T19:15:00.000Z,0
CVE-2022-38461,https://securityvulnerability.io/vulnerability/CVE-2022-38461,WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability,"Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content).",Wordpress,WPml Multilingual Cms (WordPress Plugin),5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-11-17T22:15:00.000Z,0
CVE-2022-45071,https://securityvulnerability.io/vulnerability/CVE-2022-45071,WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability,Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.,Wordpress,WPml Multilingual Cms (WordPress Plugin),5.4,MEDIUM,0.0010300000431016088,false,,false,false,false,,false,false,2022-11-17T22:15:00.000Z,0
CVE-2022-45072,https://securityvulnerability.io/vulnerability/CVE-2022-45072,WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability,Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.,Wordpress,WPml Multilingual Cms (WordPress Plugin),4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2022-11-17T22:15:00.000Z,0
CVE-2018-18069,https://securityvulnerability.io/vulnerability/CVE-2018-18069,,process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.,Wordpress,WPml,6.1,MEDIUM,0.0011099999537691474,false,,false,false,false,,false,false,2018-10-08T22:00:00.000Z,0
CVE-2015-2792,https://securityvulnerability.io/vulnerability/CVE-2015-2792,,"The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter.",Wordpress,WPml,,,0.01486000046133995,false,,false,false,false,,false,false,2015-03-30T14:59:00.000Z,0
CVE-2015-2791,https://securityvulnerability.io/vulnerability/CVE-2015-2791,,"The ""menu sync"" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.",Wordpress,WPml,,,0.012860000133514404,false,,false,false,false,,false,false,2015-03-30T14:00:00.000Z,0
CVE-2015-2314,https://securityvulnerability.io/vulnerability/CVE-2015-2314,,SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.,Wordpress,WPml,,,0.00800000037997961,false,,false,false,false,,false,false,2015-03-17T15:00:00.000Z,0
CVE-2015-2315,https://securityvulnerability.io/vulnerability/CVE-2015-2315,,Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI.,Wordpress,WPml,,,0.017160000279545784,false,,false,false,true,true,false,false,2015-03-17T15:00:00.000Z,0