Product
wpml
11 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-3488
CVE-2024-6386
CVE-2022-38974
CVE-2022-45072
CVE-2022-45071
CVE-2022-38461
CVE-2018-18069
CVE-2015-2792
CVE-2015-2791
CVE-2015-2315
CVE-2015-2314
>= 3.6.0 and < 4.7.4
The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpml_language_switcher shortcode in ve
< 4.6.13
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-
<= 4.5.10
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or
< 4.5.14
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
< 4.5.14
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
<= 4.5.10
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber
>= 1.3.3 and <= 3.6.3
process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ pa
<= 3.1.8
The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers t
<= 3.1.8
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, a
<= 3.1.8
Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary
<= 3.1.8
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL command