Security Vulnerability: Update WPML Immediately

Security Vulnerability Update: WPML Plugin

WP Total Defense Security Vulnerability WPMLWe have just received an urgent security vulnerability announcement regarding the popular WPML plugin. WPML is the industry standard for multi-lingual WordPress sites. While there were several vulnerabilities discovered and addressed in the latest update, the most serious of them is an SQL injection problem that allows anyone to read the contents of the WordPress database, including user details and password hashes, without being authenticated.

Complete list of WPML vulnerabilities includes:

  • SQL injection which gives full access to the WordPress database.
  • Page, post and menu deletion by an unauthenticated attacker.
  • Reflected XSS
  • Unauthenticated administrative functions.

Solution: Immediately upgrade to WPML version 3.1.9 released earlier this week. It fully addresses and resolves these issues.

Note: If you are a WP Total Defense we have already made these updates for you.

Security, Backup & Update Management with WP Total Defense

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.