Known Vulnerabilities for products from WPML
Listed below are 10 of the newest known vulnerabilities associated with the vendor "WPML".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-49431 json | Not Provided | 2025-07-04 | 2026-04-01 | |
| CVE-2025-9451 json | Not Provided | 2025-09-11 | 2026-04-08 | |
| CVE-2024-6386 json | The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Se... | Not Provided | 2024-08-21 | 2026-04-08 |
| CVE-2022-45072 json | Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | 4.3 - MEDIUM | 2022-11-17 | 2022-11-22 |
| CVE-2022-45071 json | Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | 8.8 - HIGH | 2022-11-17 | 2022-11-22 |
| CVE-2022-38974 json | Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscrib... | 4.3 - MEDIUM | 2022-11-18 | 2022-11-21 |
| CVE-2022-38461 json | Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscr... | 4.3 - MEDIUM | 2022-11-17 | 2023-07-21 |
| CVE-2018-18069 json | process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_nam... | 6.1 - MEDIUM | 2018-10-08 | 2018-11-23 |
| CVE-2015-2792 json | The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attack... | 7.5 - HIGH | 2015-03-30 | 2015-03-31 |
| CVE-2015-2791 json | The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pag... | 6.4 - MEDIUM | 2015-03-30 | 2018-10-09 |
| CVE-2015-2315 json | Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbi... | 4.3 - MEDIUM | 2015-03-17 | 2018-10-09 |
| CVE-2015-2314 json | SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL co... | 7.5 - HIGH | 2015-03-17 | 2018-10-09 |
Known software with vulnerabilities from WPML
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Wpml | Wpml | 1.3.3 |