Nu am mai stat sa traduc aceasta notificare din partea WordfenceSeveral serious vulnerabilities have been disclosed in the WPML plugin for WordPress. Jouko Pynnonen, the CEO of Finland-based IT company Klikki Oy disclosed the vulnerabilities earlier this week. They include:
SecurityWeek is also covering this issue.
- SQL injection which gives full access to the WordPress database.
- Page, post and menu deletion by an unauthenticated attacker.
- Reflected XSS
- Unauthenticated administrative functions.
What to do: Upgrade immediately to WPML version 3.1.9 which was released earlier this week and resolves these issues.
Regards,
Mark Maunder
Wordfence Founder & CEO