Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

August 28, 2024 at 12:33AM A critical security flaw in WPML plugin (CVE-2024-6386, CVSS score: 9.9) allows authenticated users to remotely execute arbitrary code before version 4.6.13. With Contributor-level access, attackers can exploit missing input validation and sanitization. This popular multilingual WordPress plugin has over one million installations and users are advised to apply the … Read more