Headline
CVE-2022-38974: WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability - Patchstack
A Broken Access Control vulnerability in the WPML Multilingual CMS premium plugin (versions <= 4.5.10) for WordPress allows users with the subscriber role or higher to change the status of translation jobs.
Verified
Fixed
CVSS 3.1 score: 4.3 (Medium severity)
Report
Monitoring Not reported to be exploited
Software
Multilingual CMS
Vulnerable versions
<= 4.5.10
PSID
415da39cee3a
Classification
Other Vulnerability Type
OWASP Top 10
A5: Broken Access Control
Required privilege
Requires subscriber or higher role user authentication.
Publicly disclosed
2022-11-09
Details
A Broken Access Control vulnerability that allows the status of a translation job to be changed was discovered by Dave Jong (Patchstack) in the WordPress WPML Multilingual CMS premium plugin (versions <= 4.5.10).
Solution
Update the WordPress Multilingual CMS plugin to the latest available version (at least 4.5.11).