CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-10568

The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.023

EPSS Ranking 84.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://medium.com/%40arall/sitepress-multilingual-cms-wplugin-wpml-4-3-7-b-2-9c9486c13577
https://wpvulndb.com/vulnerabilities/10131
https://medium.com/%40arall/sitepress-multilingual-cms-wplugin-wpml-4-3-7-b-2-9c9486c13577
https://wpvulndb.com/vulnerabilities/10131

Products affected by CVE-2020-10568

Onthegosystems » Sitepress-Multilingual-Cms » Version: N/A

cpe:2.3:a:onthegosystems:sitepress-multilingual-cms:-
Onthegosystems » Sitepress-Multilingual-Cms » Version: 2.9.3

cpe:2.3:a:onthegosystems:sitepress-multilingual-cms:2.9.3
Onthegosystems » Sitepress-Multilingual-Cms » Version: 3.2.6

cpe:2.3:a:onthegosystems:sitepress-multilingual-cms:3.2.6
Onthegosystems » Sitepress-Multilingual-Cms » Version: 4.3.7

cpe:2.3:a:onthegosystems:sitepress-multilingual-cms:4.3.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-10568

Products

Pricing

Contact Us