CVE-2020-10568

The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:onthegosystems:sitepress-multilingual-cms:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:onthegosystems:sitepress-multilingual-cms:4.3.7:b.1:*:*:*:wordpress:*:*

History

07 Nov 2023, 03:14

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@arall/sitepress-multilingual-cms-wplugin-wpml-4-3-7-b-2-9c9486c13577', 'name': 'https://medium.com/@arall/sitepress-multilingual-cms-wplugin-wpml-4-3-7-b-2-9c9486c13577', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40arall/sitepress-multilingual-cms-wplugin-wpml-4-3-7-b-2-9c9486c13577 -

Information

Published : 2020-03-14 14:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-10568

Mitre link : CVE-2020-10568

CVE.ORG link : CVE-2020-10568


JSON object : View

Products Affected

onthegosystems

  • sitepress-multilingual-cms
CWE
CWE-352

Cross-Site Request Forgery (CSRF)