CVE-2015-2314

Currently unrated

Key Information:

Vendor: Wordpress
Status: WPml
Vendor: CVE Published:; 17 March 2015

Summary

SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.

References

http://klikki.fi/adv/wpml.html

x_refsource_MISC

http://wpml.org/2015/03/wpml-security-update-bug-and-fix/

x_refsource_CONFIRM

http://www.osvdb.org/119541

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Mar 17, 2015
Vulnerability Reserved
Mar 17, 2015