HomeSEOWordPress Translation Plugin Vulnerability Affects +1 Million Sites
SEO

WordPress Translation Plugin Vulnerability Affects +1 Million Sites

ConsultingProTeam
By ConsultingProTeam
wpml vulnerability 125.jpg
wpml vulnerability 125.jpg

A important vulnerability was found within the WPML WordPress plugin, affecting over 1,000,000 installations. The vulnerability permits an authenticated attacker to carry out distant code execution, doubtlessly resulting in a complete web site takeover. It’s listed as rated 9.9 out of 10 by the Frequent Vulnerabilities and Exposures (CVE) group.

WPML Plugin Vulnerability

The plugin vulnerability is because of a scarcity of a safety test referred to as sanitization, a course of for filtering person enter knowledge to guard in opposition to the add of malicious recordsdata. Lack of sanitization on this enter makes the plugin susceptible to a Distant Code Execution.

The vulnerability exists inside a perform of a shortcode for making a customized language switcher. The perform renders the content material from the shortcode right into a plugin template however with out sanitizing the info, making it susceptible to code injection.

The vulnerability impacts all variations of the WPML WordPress plugin as much as and together with 4.6.12.

Timeline Of Vulnerability

Wordfence found the vulnerability in late June and promptly notified the publishers of WPML which remained unresponsive for a few month and a half, confirming response on August 1, 2024.

Customers of the paid model of Wordfence obtained safety eight days after discovery of the vulnerability, the free customers of Wordfence obtained safety on July twenty seventh.

Customers of the WPML plugin who didn’t use both model of Wordfence didn’t obtain safety from WPML till August twentieth, when the publishers lastly issued a patch in model 4.6.13.

Plugin Customers Urged To Replace

Wordfence urges all customers of the WPML plugin to verify they’re utilizing the most recent model of the plugin, WPML 4.6.13.

They wrote:

“We urge customers to replace their websites with the most recent patched model of WPML, model 4.6.13 on the time of this writing, as quickly as potential.”

Learn extra in regards to the vulnerability at Wordfence:

1,000,000 WordPress Websites Protected In opposition to Distinctive Distant Code Execution Vulnerability in WPML WordPress Plugin

Featured Picture by Shutterstock/Luis Molinero

Related posts:

  1. SEO Trends 2023, According To 24 Experts [Ebook]
  2. WordPress Shares Core Web Vitals In 2023 And Impact On Web
  3. How To Increase Localized Traffic To EU Domain Hosted In US
  4. WordPress Backup Plugin DoS Vulnerability Affects +200,000 Sites
Previous article
How These 7 Successful SEO Case Studies Transformed Online Visibility
Next article
1 under-the-radar FTSE 250 gem yielding over 6% investors should consider buying
ConsultingProTeam
ConsultingProTeamhttps://www.consultingproteam.com
RELATED ARTICLES

Most Popular

Load more

EDITOR PICKS

Popular News

POPULAR Tags

MarketingInvestingSocial Media MarketingBusinessseoNewsdigital marketingmoneyInvestcontent marketingSocial MediaGenerative AIRetirementMobile MarketingBrand StrategyMobileCreativeWebinarContentTechnical SEOYouTubeInstagramHome Business IdeasFacebookLinkedIn

Popular Tags

MarketingInvestingSocial Media MarketingBusinessseoNewsdigital marketingmoneyInvestcontent marketingSocial MediaGenerative AIRetirementMobile MarketingBrand Strategy

ABOUT US

At ConsultingProTeam, we are a team of dedicated digital marketing professionals passionate about helping businesses of all sizes thrive in the digital landscape.

Contact us: contact@consultingproteam.com

FOLLOW US

© 2024 All Rights reserved | Present by ConsultingProTeam