Headline
CVE-2022-45072: WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
Verified
Fixed
4.3
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Software
Multilingual CMS
Vulnerable versions
<= 4.5.13
PSID
9be045ae00bb
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Publicly disclosed
2022-11-09
Details
Cross-Site Request Forgery (CSRF) vulnerability leading to status change of translation job discovered by Dave Jong (Patchstack) in WordPress WPML Multilingual CMS premium plugin (versions <= 4.5.13).
Solution
Update the WordPress Multilingual CMS plugin to the latest available version (at least 4.5.14).
References