Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites
August 27, 2024 at 11:18AM A critical vulnerability in the WPML multilingual plugin for WordPress, tracked as CVE-2024-6386 with a CVSS score of 9.9, could expose over one million websites to remote code execution (RCE). The issue, involving a server-side template injection (SSTI), was resolved in WPML version 4.6.13, released on August 20. Users are … Read more