Security researchers discovered a critical vulnerability in the WPML WordPress
plugin, currently installed on more than a million websites, posing a
significant security risk.
plugin, currently installed on more than a million websites, posing a
significant security risk.
The flaw, tracked as CVE-2024-6386
[https://nvd.nist.gov/vuln/detail/CVE-2024-6386] and carrying a CVSS score of
9.9, is a critical remote code execution (RCE) vulnerability affecting all
versions through 4.6.12 of the WPML plugin.
Flaw Stemmed from Failure to Validate and Sanitize Input
The plugin WPML, short for WordPr