Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » WPML WordPress plugin vulnerabilities expose 400,000 websites

WPML WordPress plugin vulnerabilities expose 400,000 websites

2015/03/16

Securityweek - (International) WPML developers released an update to address security flaws in its WordPress premium multilingual plugin, including a vulnerability that allows an attacker to leverage an SQL injection exploit to read contents on affected users' databases, including password hashes and other user detail, and another that allows the removal of content from Web sites due to lack of access control in the "menu sync" functionality. More than 400,000 commercial Web sites utilize the plugin.

Source: http://www.securityweek.com/wpml-wordpress-plugin-vulnerabilities-expose-400000-websites

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:44