Vulnerability Details CVE-2015-2314
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.2
EPSS Ranking 95.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://klikki.fi/adv/wpml.html
- http://packetstormsecurity.com/files/130810/WordPress-WPML-XSS-Deletion-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Mar/71
- http://wpml.org/2015/03/wpml-security-update-bug-and-fix/
- http://www.osvdb.org/119541
- http://www.securityfocus.com/archive/1/534862/100/0/threaded
- http://klikki.fi/adv/wpml.html
- http://packetstormsecurity.com/files/130810/WordPress-WPML-XSS-Deletion-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Mar/71
- http://wpml.org/2015/03/wpml-security-update-bug-and-fix/
- http://www.osvdb.org/119541
- http://www.securityfocus.com/archive/1/534862/100/0/threaded
Products affected by CVE-2015-2314
-
cpe:2.3:a:wpml:wpml:1.3.3
-
cpe:2.3:a:wpml:wpml:1.3.4
-
cpe:2.3:a:wpml:wpml:1.3.5
-
cpe:2.3:a:wpml:wpml:1.4.0
-
cpe:2.3:a:wpml:wpml:1.5.0
-
cpe:2.3:a:wpml:wpml:1.5.1
-
cpe:2.3:a:wpml:wpml:1.6.0
-
cpe:2.3:a:wpml:wpml:1.7.0
-
cpe:2.3:a:wpml:wpml:1.7.1
-
cpe:2.3:a:wpml:wpml:1.7.2
-
cpe:2.3:a:wpml:wpml:1.7.3
-
cpe:2.3:a:wpml:wpml:1.7.4
-
cpe:2.3:a:wpml:wpml:1.7.6
-
cpe:2.3:a:wpml:wpml:1.7.7
-
cpe:2.3:a:wpml:wpml:1.7.8
-
cpe:2.3:a:wpml:wpml:1.7.9
-
cpe:2.3:a:wpml:wpml:1.8.0
-
cpe:2.3:a:wpml:wpml:1.8.1
-
cpe:2.3:a:wpml:wpml:1.8.2
-
cpe:2.3:a:wpml:wpml:2.0
-
cpe:2.3:a:wpml:wpml:2.0.1
-
cpe:2.3:a:wpml:wpml:2.0.3
-
cpe:2.3:a:wpml:wpml:2.0.4.1
-
cpe:2.3:a:wpml:wpml:2.1.0
-
cpe:2.3:a:wpml:wpml:2.1.1
-
cpe:2.3:a:wpml:wpml:2.1.2
-
cpe:2.3:a:wpml:wpml:2.2.0
-
cpe:2.3:a:wpml:wpml:2.2.1
-
cpe:2.3:a:wpml:wpml:2.2.2
-
cpe:2.3:a:wpml:wpml:2.2.2.1
-
cpe:2.3:a:wpml:wpml:2.3.0
-
cpe:2.3:a:wpml:wpml:2.3.1
-
cpe:2.3:a:wpml:wpml:2.3.2
-
cpe:2.3:a:wpml:wpml:2.3.3
-
cpe:2.3:a:wpml:wpml:2.3.4
-
cpe:2.3:a:wpml:wpml:2.4.0
-
cpe:2.3:a:wpml:wpml:2.4.1
-
cpe:2.3:a:wpml:wpml:2.4.2
-
cpe:2.3:a:wpml:wpml:2.4.3
-
cpe:2.3:a:wpml:wpml:2.5.1
-
cpe:2.3:a:wpml:wpml:2.5.2
-
cpe:2.3:a:wpml:wpml:2.6.0
-
cpe:2.3:a:wpml:wpml:2.6.1
-
cpe:2.3:a:wpml:wpml:2.6.2
-
cpe:2.3:a:wpml:wpml:2.6.3
-
cpe:2.3:a:wpml:wpml:2.6.4
-
cpe:2.3:a:wpml:wpml:2.7
-
cpe:2.3:a:wpml:wpml:2.8
-
cpe:2.3:a:wpml:wpml:2.8.2
-
cpe:2.3:a:wpml:wpml:2.9
-
cpe:2.3:a:wpml:wpml:2.9.1
-
cpe:2.3:a:wpml:wpml:2.9.2
-
cpe:2.3:a:wpml:wpml:2.9.3
-
cpe:2.3:a:wpml:wpml:3.0
-
cpe:2.3:a:wpml:wpml:3.1
-
cpe:2.3:a:wpml:wpml:3.1.4
-
cpe:2.3:a:wpml:wpml:3.1.5
-
cpe:2.3:a:wpml:wpml:3.1.6
-
cpe:2.3:a:wpml:wpml:3.1.7
-
cpe:2.3:a:wpml:wpml:3.1.8