CVE-2015-2792

Currently unrated

Key Information:

Vendor: Wordpress
Status: WPml
Vendor: CVE Published:; 30 March 2015

Summary

The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter.

References

http://klikki.fi/adv/wpml.html

x_refsource_MISC

http://wpml.org/2015/03/wpml-security-update-bug-and-fix/

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2015/Mar/79

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 30, 2015