Описание
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-2791
- https://wpml.org/2015/03/wpml-security-update-bug-and-fix
- http://klikki.fi/adv/wpml.html
- http://packetstormsecurity.com/files/130810/WordPress-WPML-XSS-Deletion-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Mar/71
- http://www.securityfocus.com/archive/1/534862/100/0/threaded
EPSS
Процентиль: 95%
0.17445
Средний
CVE ID
Связанные уязвимости
nvd
почти 11 лет назад
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.
EPSS
Процентиль: 95%
0.17445
Средний