Onthegosystems Sitepress-multilingual-cms — known CVE vulnerabilities
Every CVE whose affected-product data names Onthegosystems Sitepress-multilingual-cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2020-10568 — CVSS 8.8 (high): The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code…
CVE-2015-9416 — CVSS 6.1 (medium): The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header.