WPML - WordPress Multilingual <= 3.1.8 is vulnerable to SQL Injection #2

Unauthenticated

Published: 2015-03-16

SQL injection vulnerability in the WPML plugin before 3.1.9.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.

CVSS

Score: 9.8

Severity: Critical

Version: 3.1.8

There is a patch available in v3.1.9 and we strongly recommend you update to this version as soon as possible.
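To triage web server access logs for requests matching the description above, check the `lang` value carried in the Referer header. This is an added example, not code from WPML or from this advisory; the combined log format, the language-code pattern, the function names and the sample log lines are assumptions constructed for illustration, and it does not check for the wp-link-ajax action.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate lang values are plain codes such as "en", "pt-br", "zh-hans".
LANG_OK = re.compile(r"[A-Za-z]{2,3}(?:[-_][A-Za-z0-9]{2,8})*")

# Assumption: Apache/nginx combined log format:
#   ... "METHOD path PROTO" status size "referer" "user-agent"
LINE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def suspicious_lang(referer):
    """Return decoded lang values from the Referer query that are not plain codes."""
    query = urlsplit(referer).query
    values = parse_qs(query, keep_blank_values=True).get("lang", [])
    return [v for v in values if not LANG_OK.fullmatch(v)]

def scan(lines):
    """Return (line_number, request_path, bad_values) for each flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = LINE.search(line)
        if not match:
            continue  # not a combined-format line
        bad = suspicious_lang(match.group("referer"))
        if bad:
            hits.append((number, match.group("path"), bad))
    return hits

# Constructed sample log lines (documentation addresses and host names).
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Mar/2015:10:00:00 +0000] "GET /comments/feed HTTP/1.1" '
    '200 512 "http://example.test/?lang=fr" "Mozilla/5.0"',
    '203.0.113.9 - - [16/Mar/2015:10:00:05 +0000] "POST /comments/feed HTTP/1.1" '
    '200 512 "http://example.test/?lang=en%27" "curl/7.0"',
    '203.0.113.7 - - [16/Mar/2015:10:00:09 +0000] "GET /comments/feed HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, path, bad in scan(SAMPLE_LOG):
        print(f"line {number}: {path} Referer lang={bad!r}")
```

A hit is a lead for review rather than proof of exploitation, and the site's installed WPML version still decides whether the request could have had any effect.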