SQL injection vulnerability in the WPML plugin prior to 3.1.9 for WordPress allows remote malicious users to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wpml wpml |