Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Plugin WPML Unauthenticated Stored XSS - Vulnerability Database

WordPress Plugin WPML Unauthenticated Stored XSS

Description

WPML is a WordPress plugin for building multilingual WordPress sites. A vulnerability has been found in the WPML plugin up to version 3.6.3 that allows an attacker to inject arbitrary html and script code into the WordPress site. This vulnerability affects the file sitepress.class.php and can be exploited via the POST parameter locale_file_name_en.

Remediation

Upgrade to the latest version of the WPML plugin.

References

Sitepress Multilingual CMS Plugin Unauthenticated Stored XSS
The WordPress Multilingual Plugin

Related Vulnerabilities

Adobe Coldfusion 8 multiple linked XSS vulnerabilies High
Common tags: XSS
WordPress Plugin Elementor Website Builder Cross-Site Scripting (2.9.13) High
Common tags: XSS
WordPress Plugin WordPress Appointment Booking and Online Scheduling by Appointy Cross-Site Scripting (2.40) High
Common tags: XSS
WordPress Plugin WordPress Colorbox Lightbox Cross-Site Scripting (1.1.2) High
Common tags: XSS
WordPress Plugin WordPress fancyBox Lightbox Cross-Site Scripting (1.0.1) High
Common tags: XSS

Severity

High

Classification

CVE-2018-18069
CWE-80
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

XSS