Medium 6.4
2025-05-02≥ 3.6.0 and ≤ 4.7.3
WPML Multilingual CMS 3.6.0 - 4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpml_language_switcher Shortcode
WPML
Minimum safe version
4.6.13
Update to 4.6.13 or later to address 19 fixable vulnerabilities
Affected up to4.7.3 ⚠
High 8.8
2024-08-21< 4.6.13
CVE-2024-6386
N/A
< 4.6.1
WPML Multilingual CMS < 4.6.1 - Reflected Cross-Site Scripting
N/A
2023-10-18< 3.1.7.2
WordPress Multilingual CMS Plugin <= 3.1.7.1 is vulnerable to Full Path Disclosure (FPD)
N/A
2023-03-16< 4.6.1
WPML <= 4.6.1 - Cross-Site Scripting
N/A
2023-04-16< 4.6.1
WPML <= 4.6.0 - Reflected Cross-Site Scripting via wp_lang
N/A
2023-03-16< 4.6.1
WordPress WPML - WordPress Multilingual Plugin < 4.6.1 is vulnerable to Cross Site Scripting (XSS)
N/A
2022-09-26< 4.5.11
WPML <= 4.5.10 - Unprotected AJAX Actions
Medium 4.3
2022-11-17< 4.5.14
CVE-2022-45072
Medium 4.3
2022-11-18< 4.5.11
CVE-2022-38974
Medium 5.4
2022-11-17< 4.5.11
CVE-2022-38461
Medium 5.4
2022-11-17< 4.5.14
CVE-2022-45071
N/A
2015-09-02< 3.2.7
WordPress WPML Plugin <= 3.2.6 - Cross Site Scripting
N/A
2015-10-18< 3.1.7.2
WordPress Multilingual CMS Plugin <= 3.1.7.1 - Full Path Disclosure
N/A
2015-03-17< 3.1.9
CVE-2015-2315
N/A
2015-03-17< 3.1.9.1
CVE-2015-2314
N/A
2015-03-30< 3.1.9.1
CVE-2015-2792
N/A
2015-03-30< 3.1.9.1
CVE-2015-2791
Medium 6.1
2018-10-08< 4.0
CVE-2018-18069
Medium 6.1
2019-09-25≥ 2.9.3 and ≤ 3.2.6
CVE-2015-9416
High 8.8
2020-03-14< 4.3.8
CVE-2020-10568