ThreatPress

WordPress Vulnerabilities Database

WordPress WPML Plugin <= 3.1.8 - SQL Injection #2

Product
WPML - WordPress Multilingual
Description
This vulnerability allows attackers to execute arbitrary SQL commands via the "lang" parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed. Related records: http://db.threatpress.com/vulnerability/wpml---wordpress-multilingual-/wordpress-wpml-plugin-3-1-8-sql-injection-2
Solution
Update the plugin.
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
CVE Mitre
CVE
Name: CVE-2015-2314
Versions
Affected In: <= 3.1.8
Fixed In: 3.1.9
Disclosure date
2015-03-17
Credits
Klikki Oy