Several serious vulnerabilities have been disclosed in the WPML plugin for WordPress. Jouko Pynnonen, the CEO of Finland-based IT company Klikki Oy disclosed the vulnerabilities earlier this week. They include:
SQL injection which gives full access to the WordPress database.
Page, post and menu deletion by an unauthenticated ...
There is a vulnerability in WordPress SEO by Yoast. This is a CSRF vulnerability so is harder to exploit because it requires tricking an admin into loading a link from their own website where they're logged in. However it's serious enough that we're sending out an alert. Yoast has released a fix, so upgrade immediately. It's worth noting that this ...