WordPress Plugin Security Update Advisory (CVE-2024-6386)

Overview

 

An update has been released to address vulnerabilities in WordPress WPML Plugin. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-6386

• WPML versions: ~ 4.6.12 (inclusive)

 

 

Resolved Vulnerabilities

Remote code execution vulnerability in WPML in WordPress (CVE-2024-6386)
 

 

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-6386

• WPML version: 4.6.13

 

 

References

[1] CVE-2024-6386 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-6386

[2] WPML Multilingual CMS <= 4.6.12 – Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/sitepress-multilingual-cms/wpml-multilingual-cms-4612-authenticatedcontributor-remote-code-execution-via-twig-server-side-template-injection