CVE-2015-2791

Currently unrated

Key Information:

Vendor: Wordpress
Status: WPml
Vendor: CVE Published:; 30 March 2015

Summary

The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.

References

https://wpml.org/2015/03/wpml-security-update-bug-and-fix/

x_refsource_CONFIRM

http://klikki.fi/adv/wpml.html

x_refsource_MISC

http://seclists.org/fulldisclosure/2015/Mar/71

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Mar 30, 2015
Vulnerability Reserved
Mar 30, 2015