Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024. Arising due to missing input validation and sanitization,

Posted from: Click here for the full article.

留言

此網誌的熱門文章

Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies

New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy