Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025

Slide

June 30, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » A critical flaw in the WPML plugin exposes WordPress sites to remote code execution
Global Security

A critical flaw in the WPML plugin exposes WordPress sites to remote code execution

AdminBy AdminAugust 28, 2024No Comments2 Mins Read
WPML Plugin Flaw
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


August 28, 2024Ravi LakshmananWordPress Security / Site Protection

WPML plugin error

A critical security flaw was discovered in the WPML multilingual WordPress plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances.

Vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), affects all versions of the plugin before 4.6.13, which was released on August 20, 2024.

The issue, which occurs due to the lack of input validation and sanitization, allows authenticated attackers with Contributor access and above to execute code on the server.

Cyber ​​security

WPML is a popular plugin used to create multilingual WordPress sites. It has over a million active installs.

The stealthcopter security researcher who discovered and reported CVE-2024-6386 said the problem is in the plugin’s handling short codes which are used to insert message content such as audio, images and video.

WPML plugin error

“Specifically, the plugin uses Twig templates to render content in shortcodes, but fails to properly sanitize the input, resulting in Server-Side Template Injection (SSTI),” researcher said.

SSTI, as the name suggests, is happening where an attacker can use a custom template syntax to inject a malicious payload into a web template that is then executed on the server. An attacker could then use the flaw to execute arbitrary commands, effectively allowing them to take control of the site.

Cyber ​​security

“This release of WPML fixes a security vulnerability that could allow users with certain permissions to perform unauthorized actions,” the plugin’s developers told OnTheGoSystems. said. “This problem is unlikely to occur in real-world scenarios. It requires users to have editing permission in WordPress, and the site must use very specific settings.”

Plugin users are advised to apply the latest patches to reduce potential threats.

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025

Slide

June 30, 2025

Pragmatic approach to NHI stocks

June 30, 2025

FBI warns about expanded spider attacks on airline using social engineering

June 28, 2025

The new AI Facebook tool asks for upload your photos for plot ideas, causing privacy trouble

June 28, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025

Slide

June 30, 2025

Pragmatic approach to NHI stocks

June 30, 2025

FBI warns about expanded spider attacks on airline using social engineering

June 28, 2025

The new AI Facebook tool asks for upload your photos for plot ideas, causing privacy trouble

June 28, 2025

From the theft of the browser to the intelligence collection instrument

June 28, 2025

More than 1000 SOHO devices hacked in China associated with cyber-science associated with cyber

June 27, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025

Slide

June 30, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.