Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Critical flaw in WPML WordPress plugin impacts 1M websites

A critical flaw in the WPML WordPress plugin, which is installed on 1 million websites, could allow potential compromise of affected sites. The WPML Multilingual CMS Plugin for WordPress is installed on over 1 million sites. An authenticated (Contributor+) Remote Code Execution (RCE) vulnerability, tracked CVE-2024-6386 (CVSS score of 9.9), in WPML Plugin potentially allows […]

ShapedPlugin plugin

A critical flaw in the WPML WordPress plugin, which is installed on 1 million websites, could allow potential compromise of affected sites.

The WPML Multilingual CMS Plugin for WordPress is installed on over 1 million sites. An authenticated (Contributor+) Remote Code Execution (RCE) vulnerability, tracked CVE-2024-6386 (CVSS score of 9.9), in WPML Plugin potentially allows the compromise of impacted websites.

WPML makes it easy to build multilingual sites and run them.

“The vulnerability lies in the handling of shortcodes within the WPML plugin. Specifically, the plugin uses Twig templates for rendering content in shortcodes but fails to properly sanitize input, leading to server-side template injection (SSTI).” reads a report published by the researcher stealthcopter, who discovered and responsibly reported this issue through the Wordfence Bug Bounty Program. The researcher earned a bounty of $1,639.00 for this discovery.

The WPML WordPress plugin relies on Twig templates for rendering shortcode content but fails to properly sanitize input, leading to a server-side template injection (SSTI) vulnerability. This flaw can be exploited for remote code execution (RCE), as demonstrated by proof-of-concept (PoC) code published by the researcher.

“This vulnerability is a classic example of the dangers of improper input sanitization in templating engines. Developers should always sanitize and validate user inputs, especially when dealing with dynamic content rendering. This case serves as a reminder that security is a continuous process, requiring vigilance at every stage of development and data processing.” continues stealthcopter.

The flaw affects plugin versions prior 4.6.13

However, the plugin’s maintainer OnTheGoSystems downplayed the issue saying that the flaw is hard to exploit in real-world scenarios.

“This WPML release fixes a security vulnerability that could allow users with certain permissions to perform unauthorized actions. This issue is unlikely to occur in real-world scenarios.” OnTheGoSystems wrotes. “It requires users to have editing permissions in WordPress, and the site must use a very specific setup,”

“We encourage WordPress users to verify that their sites are updated to the latest patched version of WPML as soon as possible considering the critical nature of this vulnerability.” reads the post published by Wordfence.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganin

(SecurityAffairs – hacking, Volt Typhoon)