this post was submitted on 28 Aug 2024
17 points (100.0% liked)

Cybersecurity

5404 readers
128 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago
MODERATORS
[email protected]
[email protected]
17
Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution (thehackernews.com)
submitted 3 weeks ago by [email protected] to c/[email protected]
1 comments fedilink hide all child comments
 

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances.

The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024.

Arising due to missing input validation and sanitization, the issue makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

WPML is a popular plugin used for building multilingual WordPress sites. It has over one million active installations.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 3 weeks ago

"authenticated attackers, with Contributor-level access and above" bad, but 9.9 seems a tad OTT unless there are other possible methods.