WPML - WordPress Multilingual <= 3.1.9.1 is vulnerable to Multiple Vulnerabilities

Unauthenticated

Published
2015-03-15

SQL injection vulnerability in the WPML plugin before 3.1.9.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.

CVE

https://www.cve.org/CVERecord?id=CVE-2015-2314

CVSS

Score:9.8

Severity:Critical

Version: 3.1.9.1

There is a patch available in v3.1.9.2 and we strongly recommend you update to this version as soon as possible.