ID de Prueba:	1.3.6.1.4.1.25623.1.0.805153
Categoría:	Web application abuses
Título:	WordPress WPML Plugin < 3.1.9.1 Multiple Vulnerabilities
Resumen:	The WordPress plugin 'WPML' is prone to multiple; vulnerabilities.
Descripción:	Summary: The WordPress plugin 'WPML' is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An improper validation of parsed language code when a HTTP POST request containing the parameter 'action=wp-link-ajax'. - Lack of access control over menu a 'menu sync' function. - The 'reminder popup' code intended for administrators in WPML did not check for login status or nonce. - The problem is the mixed use of mixed $_REQUEST and $_GET. Vulnerability Impact: Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data and delete practically all content of the website - posts, pages, and menus. Affected Software/OS: WordPress WPML plugin versions prior to 3.1.9.1. Solution: Update to version 3.1.9.1 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2314 Bugtraq: 20150312 WPML WordPress plug-in SQL injection etc. (Google Search) http://www.securityfocus.com/archive/1/534862/100/0/threaded http://seclists.org/fulldisclosure/2015/Mar/71 http://klikki.fi/adv/wpml.html http://packetstormsecurity.com/files/130810/WordPress-WPML-XSS-Deletion-SQL-Injection.html http://www.osvdb.org/119541 Common Vulnerability Exposure (CVE) ID: CVE-2015-2315
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.