The sitepress-multilingual-cms (WPML) plugin prior to 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
onthegosystems sitepress-multilingual-cms 4.3.7 |
||
onthegosystems sitepress-multilingual-cms |