Security Vulnerability Update: WPML Plugin
We have just received an urgent security vulnerability announcement regarding the popular WPML plugin. WPML is the industry standard for multi-lingual WordPress sites. While there were several vulnerabilities discovered and addressed in the latest update, the most serious of them is an SQL injection problem that allows anyone to read the contents of the WordPress database, including user details and password hashes, without being authenticated.
Complete list of WPML vulnerabilities includes:
- SQL injection which gives full access to the WordPress database.
- Page, post and menu deletion by an unauthenticated attacker.
- Reflected XSS
- Unauthenticated administrative functions.
Solution: Immediately upgrade to WPML version 3.1.9 released earlier this week. It fully addresses and resolves these issues.
Note: If you are a WP Total Defense we have already made these updates for you.